Mozilla Network Security Services (NSS) ASN.1 Verification Vulnerability
Last Update Date:
26 Sep 2014
Release Date:
25 Sep 2014
4123
Views
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
A vulnerability has been identified in Mozilla Network Security Services (NSS). A remote user can forge digital certificates.
The library does not properly parse ASN.1 values in a digital signature. A user can conduct a Bleichenbacher attack variant against the RSA algorithm to create a forged certificate.
Impact
- Spoofing
System / Technologies affected
- Versions prior to 3.16.2.1, 3.16.5, 3.17.1
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- The vendor has issued a fix (3.16.2.1, 3.16.5, 3.17.1).
Vulnerability Identifier
Source
Related Link
Share with