Mozilla Network Security Services (NSS) ASN.1 Verification Vulnerability

Last Update Date: 26 Sep 2014 Release Date: 25 Sep 2014

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

A vulnerability has been identified in Mozilla Network Security Services (NSS). A remote user can forge digital certificates.

The library does not properly parse ASN.1 values in a digital signature. A user can conduct a Bleichenbacher attack variant against the RSA algorithm to create a forged certificate.
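A verifier avoids this class of parsing flaw by using encode-and-compare verification (RFC 8017, section 8.2.2): it rebuilds the one valid encoded block and compares it byte for byte instead of parsing the ASN.1 recovered from the signature. The following Python is an added example, not NSS code; the toy key, the helper names and the non-canonical test vector are constructed for illustration and do not reproduce the NSS flaw itself.

```python
import hashlib
import hmac

# DER header of a SHA-256 DigestInfo (RFC 8017, section 9.2, note 1).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed toy key built from two Mersenne primes; for the demo only.
P, Q, E = (1 << 521) - 1, (1 << 607) - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes


def expected_em(message: bytes, k: int) -> bytes:
    """The single valid block: 00 01 FF..FF 00 || DigestInfo(SHA-256)."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def verify_strict(n: int, e: int, message: bytes, signature: bytes) -> bool:
    """Encode-and-compare: no ASN.1 parsing of signature-derived bytes."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, expected_em(message, k))


def sign_block(em: bytes) -> bytes:
    """Demo helper: raw RSA private-key operation on an encoded block."""
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def noncanonical_em(message: bytes, k: int) -> bytes:
    """Constructed test vector: minimum padding, filler after the digest."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * 8 + b"\x00" + t + b"\x00" * (k - len(t) - 11)


if __name__ == "__main__":
    msg = b"constructed sample message"
    print(verify_strict(N, E, msg, sign_block(expected_em(msg, K))))      # True
    print(verify_strict(N, E, msg, sign_block(noncanonical_em(msg, K))))  # False
```

The second call is rejected even though the block carries the correct digest, because any deviation from the single expected encoding fails the comparison.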


Impact

  • Spoofing

System / Technologies affected

  • Versions prior to 3.16.2.1, 3.16.5, 3.17.1

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • The vendor has issued a fix (3.16.2.1, 3.16.5, 3.17.1).

Vulnerability Identifier


Source


Related Link