CVE-2014-1568
Summary
| CVE | CVE-2014-1568 |
|---|---|
| State | PUBLISHED |
| Assigner | mozilla |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-09-25 17:55:04 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Mac Os X | All | All | All | All |
| Application | Chrome | 37.0.2062.0 | All | All | All | |
| Application | Chrome | 37.0.2062.100 | All | All | All | |
| Application | Chrome | 37.0.2062.102 | All | All | All | |
| Application | Chrome | 37.0.2062.20 | All | All | All | |
| Application | Chrome | 37.0.2062.3 | All | All | All | |
| Application | Chrome | All | All | All | All | |
| Application | Chrome | All | All | All | All | |
| Operating System | Chrome Os | All | All | All | All | |
| Operating System | Microsoft | Windows | All | All | All | All |
| Application | Mozilla | Firefox | 31.0 | All | All | All |
| Application | Mozilla | Firefox | 31.1.0 | All | All | All |
| Application | Mozilla | Firefox | 32.0.1 | All | All | All |
| Application | Mozilla | Firefox | 32.0.2 | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox Esr | 24.8.0 | All | All | All |
| Application | Mozilla | Network Security Services | 3.11.2 | All | All | All |
| Application | Mozilla | Network Security Services | 3.11.3 | All | All | All |
| Application | Mozilla | Network Security Services | 3.11.4 | All | All | All |
| Application | Mozilla | Network Security Services | 3.11.5 | All | All | All |
| Application | Mozilla | Network Security Services | 3.12 | All | All | All |
| Application | Mozilla | Network Security Services | 3.12.1 | All | All | All |
| Application | Mozilla | Network Security Services | 3.12.10 | All | All | All |
| Application | Mozilla | Network Security Services | 3.12.11 | All | All | All |
| Application | Mozilla | Network Security Services | 3.12.2 | All | All | All |
| Application | Mozilla | Network Security Services | 3.12.3 | All | All | All |
| Application | Mozilla | Network Security Services | 3.12.3.1 | All | All | All |
| Application | Mozilla | Network Security Services | 3.12.3.2 | All | All | All |
| Application | Mozilla | Network Security Services | 3.12.4 | All | All | All |
| Application | Mozilla | Network Security Services | 3.12.5 | All | All | All |
| Application | Mozilla | Network Security Services | 3.12.6 | All | All | All |
| Application | Mozilla | Network Security Services | 3.12.7 | All | All | All |
| Application | Mozilla | Network Security Services | 3.12.8 | All | All | All |
| Application | Mozilla | Network Security Services | 3.12.9 | All | All | All |
| Application | Mozilla | Network Security Services | 3.14 | All | All | All |
| Application | Mozilla | Network Security Services | 3.14.1 | All | All | All |
| Application | Mozilla | Network Security Services | 3.14.2 | All | All | All |
| Application | Mozilla | Network Security Services | 3.14.3 | All | All | All |
| Application | Mozilla | Network Security Services | 3.14.4 | All | All | All |
| Application | Mozilla | Network Security Services | 3.14.5 | All | All | All |
| Application | Mozilla | Network Security Services | 3.15 | All | All | All |
| Application | Mozilla | Network Security Services | 3.15.1 | All | All | All |
| Application | Mozilla | Network Security Services | 3.15.2 | All | All | All |
| Application | Mozilla | Network Security Services | 3.15.3 | All | All | All |
| Application | Mozilla | Network Security Services | 3.15.3.1 | All | All | All |
| Application | Mozilla | Network Security Services | 3.15.4 | All | All | All |
| Application | Mozilla | Network Security Services | 3.15.5 | All | All | All |
| Application | Mozilla | Network Security Services | 3.16 | All | All | All |
| Application | Mozilla | Network Security Services | 3.16.1 | All | All | All |
| Application | Mozilla | Network Security Services | 3.16.3 | All | All | All |
| Application | Mozilla | Network Security Services | 3.16.4 | All | All | All |
| Application | Mozilla | Network Security Services | 3.2 | All | All | All |
| Application | Mozilla | Network Security Services | 3.2.1 | All | All | All |
| Application | Mozilla | Network Security Services | 3.3 | All | All | All |
| Application | Mozilla | Network Security Services | 3.3.1 | All | All | All |
| Application | Mozilla | Network Security Services | 3.3.2 | All | All | All |
| Application | Mozilla | Network Security Services | 3.4 | All | All | All |
| Application | Mozilla | Network Security Services | 3.4.1 | All | All | All |
| Application | Mozilla | Network Security Services | 3.4.2 | All | All | All |
| Application | Mozilla | Network Security Services | 3.5 | All | All | All |
| Application | Mozilla | Network Security Services | 3.6 | All | All | All |
| Application | Mozilla | Network Security Services | 3.6.1 | All | All | All |
| Application | Mozilla | Network Security Services | 3.7 | All | All | All |
| Application | Mozilla | Network Security Services | 3.7.1 | All | All | All |
| Application | Mozilla | Network Security Services | 3.7.2 | All | All | All |
| Application | Mozilla | Network Security Services | 3.7.3 | All | All | All |
| Application | Mozilla | Network Security Services | 3.7.5 | All | All | All |
| Application | Mozilla | Network Security Services | 3.7.7 | All | All | All |
| Application | Mozilla | Network Security Services | 3.8 | All | All | All |
| Application | Mozilla | Network Security Services | 3.9 | All | All | All |
| Application | Mozilla | Network Security Services | All | All | All | All |
| Application | Mozilla | Seamonkey | All | All | All | All |
| Application | Mozilla | Seamonkey | 1.0 | All | All | All |
| Application | Mozilla | Seamonkey | 1.0 | alpha | All | All |
| Application | Mozilla | Seamonkey | 1.0 | beta | All | All |
| Application | Mozilla | Seamonkey | 1.0.1 | All | All | All |
| Application | Mozilla | Seamonkey | 1.0.2 | All | All | All |
| Application | Mozilla | Seamonkey | 1.0.3 | All | All | All |
| Application | Mozilla | Seamonkey | 1.0.4 | All | All | All |
| Application | Mozilla | Seamonkey | 1.0.5 | All | All | All |
| Application | Mozilla | Seamonkey | 1.0.6 | All | All | All |
| Application | Mozilla | Seamonkey | 1.0.7 | All | All | All |
| Application | Mozilla | Seamonkey | 1.0.8 | All | All | All |
| Application | Mozilla | Seamonkey | 1.0.9 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1 | alpha | All | All |
| Application | Mozilla | Seamonkey | 1.1 | beta | All | All |
| Application | Mozilla | Seamonkey | 1.1.1 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.10 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.11 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.12 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.13 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.14 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.15 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.16 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.17 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.18 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.19 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.2 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.3 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.4 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.5 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.6 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.7 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.8 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.9 | All | All | All |
| Application | Mozilla | Seamonkey | 1.5.0.10 | All | All | All |
| Application | Mozilla | Seamonkey | 1.5.0.8 | All | All | All |
| Application | Mozilla | Seamonkey | 1.5.0.9 | All | All | All |
| Application | Mozilla | Seamonkey | 2.0 | All | All | All |
| Application | Mozilla | Seamonkey | 2.0 | alpha_1 | All | All |
| Application | Mozilla | Seamonkey | 2.0 | alpha_2 | All | All |
| Application | Mozilla | Seamonkey | 2.0 | alpha_3 | All | All |
| Application | Mozilla | Seamonkey | 2.0 | beta_1 | All | All |
| Application | Mozilla | Seamonkey | 2.0 | beta_2 | All | All |
| Application | Mozilla | Seamonkey | 2.0 | rc1 | All | All |
| Application | Mozilla | Seamonkey | 2.0 | rc2 | All | All |
| Application | Mozilla | Seamonkey | 2.0.1 | All | All | All |
| Application | Mozilla | Seamonkey | 2.0.10 | All | All | All |
| Application | Mozilla | Seamonkey | 2.0.11 | All | All | All |
| Application | Mozilla | Seamonkey | 2.0.12 | All | All | All |
| Application | Mozilla | Seamonkey | 2.0.13 | All | All | All |
| Application | Mozilla | Seamonkey | 2.0.14 | All | All | All |
| Application | Mozilla | Seamonkey | 2.0.2 | All | All | All |
| Application | Mozilla | Seamonkey | 2.0.3 | All | All | All |
| Application | Mozilla | Seamonkey | 2.0.4 | All | All | All |
| Application | Mozilla | Seamonkey | 2.0.5 | All | All | All |
| Application | Mozilla | Seamonkey | 2.0.6 | All | All | All |
| Application | Mozilla | Seamonkey | 2.0.7 | All | All | All |
| Application | Mozilla | Seamonkey | 2.0.8 | All | All | All |
| Application | Mozilla | Seamonkey | 2.0.9 | All | All | All |
| Application | Mozilla | Seamonkey | 2.1 | All | All | All |
| Application | Mozilla | Seamonkey | 2.1 | alpha1 | All | All |
| Application | Mozilla | Seamonkey | 2.1 | alpha2 | All | All |
| Application | Mozilla | Seamonkey | 2.1 | alpha3 | All | All |
| Application | Mozilla | Seamonkey | 2.1 | beta1 | All | All |
| Application | Mozilla | Seamonkey | 2.1 | beta2 | All | All |
| Application | Mozilla | Seamonkey | 2.1 | beta3 | All | All |
| Application | Mozilla | Seamonkey | 2.1 | rc1 | All | All |
| Application | Mozilla | Seamonkey | 2.1 | rc2 | All | All |
| Application | Mozilla | Seamonkey | 2.10 | All | All | All |
| Application | Mozilla | Seamonkey | 2.10 | beta1 | All | All |
| Application | Mozilla | Seamonkey | 2.10 | beta2 | All | All |
| Application | Mozilla | Seamonkey | 2.10 | beta3 | All | All |
| Application | Mozilla | Seamonkey | 2.10.1 | All | All | All |
| Application | Mozilla | Seamonkey | 2.11 | All | All | All |
| Application | Mozilla | Seamonkey | 2.11 | beta1 | All | All |
| Application | Mozilla | Seamonkey | 2.11 | beta2 | All | All |
| Application | Mozilla | Seamonkey | 2.11 | beta3 | All | All |
| Application | Mozilla | Seamonkey | 2.11 | beta4 | All | All |
| Application | Mozilla | Seamonkey | 2.11 | beta5 | All | All |
| Application | Mozilla | Seamonkey | 2.11 | beta6 | All | All |
| Application | Mozilla | Seamonkey | 2.12 | All | All | All |
| Application | Mozilla | Seamonkey | 2.12 | beta1 | All | All |
| Application | Mozilla | Seamonkey | 2.12 | beta2 | All | All |
| Application | Mozilla | Seamonkey | 2.12 | beta3 | All | All |
| Application | Mozilla | Seamonkey | 2.12 | beta4 | All | All |
| Application | Mozilla | Seamonkey | 2.12 | beta5 | All | All |
| Application | Mozilla | Seamonkey | 2.12 | beta6 | All | All |
| Application | Mozilla | Seamonkey | 2.12.1 | All | All | All |
| Application | Mozilla | Seamonkey | 2.13 | All | All | All |
| Application | Mozilla | Seamonkey | 2.13 | beta1 | All | All |
| Application | Mozilla | Seamonkey | 2.13 | beta2 | All | All |
| Application | Mozilla | Seamonkey | 2.13 | beta3 | All | All |
| Application | Mozilla | Seamonkey | 2.13 | beta4 | All | All |
| Application | Mozilla | Seamonkey | 2.13 | beta5 | All | All |
| Application | Mozilla | Seamonkey | 2.13 | beta6 | All | All |
| Application | Mozilla | Seamonkey | 2.13.1 | All | All | All |
| Application | Mozilla | Seamonkey | 2.13.2 | All | All | All |
| Application | Mozilla | Seamonkey | 2.14 | All | All | All |
| Application | Mozilla | Seamonkey | 2.14 | beta1 | All | All |
| Application | Mozilla | Seamonkey | 2.14 | beta2 | All | All |
| Application | Mozilla | Seamonkey | 2.14 | beta3 | All | All |
| Application | Mozilla | Seamonkey | 2.14 | beta4 | All | All |
| Application | Mozilla | Seamonkey | 2.14 | beta5 | All | All |
| Application | Mozilla | Seamonkey | 2.15 | All | All | All |
| Application | Mozilla | Seamonkey | 2.15 | beta1 | All | All |
| Application | Mozilla | Seamonkey | 2.15 | beta2 | All | All |
| Application | Mozilla | Seamonkey | 2.15 | beta3 | All | All |
| Application | Mozilla | Seamonkey | 2.15 | beta4 | All | All |
| Application | Mozilla | Seamonkey | 2.15 | beta5 | All | All |
| Application | Mozilla | Seamonkey | 2.15 | beta6 | All | All |
| Application | Mozilla | Seamonkey | 2.15.1 | All | All | All |
| Application | Mozilla | Seamonkey | 2.15.2 | All | All | All |
| Application | Mozilla | Seamonkey | 2.16 | All | All | All |
| Application | Mozilla | Seamonkey | 2.16 | beta1 | All | All |
| Application | Mozilla | Seamonkey | 2.16 | beta2 | All | All |
| Application | Mozilla | Seamonkey | 2.16 | beta3 | All | All |
| Application | Mozilla | Seamonkey | 2.16 | beta4 | All | All |
| Application | Mozilla | Seamonkey | 2.16 | beta5 | All | All |
| Application | Mozilla | Seamonkey | 2.16.1 | All | All | All |
| Application | Mozilla | Seamonkey | 2.16.2 | All | All | All |
| Application | Mozilla | Seamonkey | 2.17 | All | All | All |
| Application | Mozilla | Seamonkey | 2.17 | beta1 | All | All |
| Application | Mozilla | Seamonkey | 2.17 | beta2 | All | All |
| Application | Mozilla | Seamonkey | 2.17 | beta3 | All | All |
| Application | Mozilla | Seamonkey | 2.17 | beta4 | All | All |
| Application | Mozilla | Seamonkey | 2.17.1 | All | All | All |
| Application | Mozilla | Seamonkey | 2.18 | beta1 | All | All |
| Application | Mozilla | Seamonkey | 2.18 | beta2 | All | All |
| Application | Mozilla | Seamonkey | 2.18 | beta3 | All | All |
| Application | Mozilla | Seamonkey | 2.18 | beta4 | All | All |
| Application | Mozilla | Seamonkey | 2.19 | All | All | All |
| Application | Mozilla | Seamonkey | 2.19 | beta1 | All | All |
| Application | Mozilla | Seamonkey | 2.19 | beta2 | All | All |
| Application | Mozilla | Seamonkey | 2.2 | All | All | All |
| Application | Mozilla | Seamonkey | 2.2 | beta1 | All | All |
| Application | Mozilla | Seamonkey | 2.2 | beta2 | All | All |
| Application | Mozilla | Seamonkey | 2.2 | beta3 | All | All |
| Application | Mozilla | Seamonkey | 2.20 | All | All | All |
| Application | Mozilla | Seamonkey | 2.20 | beta1 | All | All |
| Application | Mozilla | Seamonkey | 2.20 | beta2 | All | All |
| Application | Mozilla | Seamonkey | 2.20 | beta3 | All | All |
| Application | Mozilla | Seamonkey | 2.21 | beta1 | All | All |
| Application | Mozilla | Seamonkey | 2.21 | beta2 | All | All |
| Application | Mozilla | Seamonkey | 2.22 | beta1 | All | All |
| Application | Mozilla | Seamonkey | 2.22 | beta2 | All | All |
| Application | Mozilla | Seamonkey | 2.22.1 | All | All | All |
| Application | Mozilla | Seamonkey | 2.23 | All | All | All |
| Application | Mozilla | Seamonkey | 2.23 | beta1 | All | All |
| Application | Mozilla | Seamonkey | 2.24 | All | All | All |
| Application | Mozilla | Seamonkey | 2.24 | beta1 | All | All |
| Application | Mozilla | Seamonkey | 2.25 | - | All | All |
| Application | Mozilla | Seamonkey | 2.25 | beta1 | All | All |
| Application | Mozilla | Seamonkey | 2.25 | beta2 | All | All |
| Application | Mozilla | Seamonkey | 2.25 | beta3 | All | All |
| Application | Mozilla | Seamonkey | 2.26 | - | All | All |
| Application | Mozilla | Seamonkey | 2.26 | rc1 | All | All |
| Application | Mozilla | Seamonkey | All | - | All | All |
| Application | Mozilla | Thunderbird | 31.0 | All | All | All |
| Application | Mozilla | Thunderbird | 31.1.0 | All | All | All |
| Application | Mozilla | Thunderbird | 31.1.1 | All | All | All |
| Application | Mozilla | Thunderbird | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 2016-10 Security Bulletin: CTPView: Multiple vulnerabilities in CTPView - Juniper Networks | af854a3a-2127-422b-91ae-364da2661108 | kb.juniper.net | |
| USN-2360-1: Firefox vulnerabilities | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | |
| About Secunia Research | Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Gentoo Security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | |
| About Secunia Research | Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| About Secunia Research | Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Oracle VM Server for x86 Bulletin - July 2016 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | |
| Debian -- Security Information -- DSA-3033-1 nss | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| Oracle Critical Patch Update - July 2015 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | |
| USN-2360-2: Thunderbird vulnerabilities | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | |
| Debian -- Security Information -- DSA-3037-1 icedove | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| Access Denied | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | Vendor Advisory |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| About Secunia Research | Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Support | OES11 SP2, OES11SP1, OES2 SP3 vulnerability with GNU Bash Remote Code Execution (aka ShellShock) and Mozilla NSS vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.novell.com | |
| Oracle Critical Patch Update - April 2015 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | |
| Chrome Releases: Stable Channel Update for Chrome OS | af854a3a-2127-422b-91ae-364da2661108 | googlechromereleases.blogspot.com | |
| [security-announce] openSUSE-SU-2014:1232-1: critical: mozilla-nss: upda | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Juniper Networks - 2015-10 Security Bulletin: Junos Space: Multiple Vulnerabilities in Junos Space - Knowledge Base | af854a3a-2127-422b-91ae-364da2661108 | kb.juniper.net | |
| RSA Signature Forgery in NSS — Mozilla | af854a3a-2127-422b-91ae-364da2661108 | www.mozilla.org | Vendor Advisory |
| [security-announce] openSUSE-SU-2014:1224-1: critical: NSS update to avo | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| 1064636 – (CVE-2014-1568) RSA PKCS#1 signature verification forgery is possible due to too-permissive SignatureAlgorithm parameter parsing | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | |
| Chrome Releases: Stable Channel Update | af854a3a-2127-422b-91ae-364da2661108 | googlechromereleases.blogspot.com | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | |
| Debian -- Security Information -- DSA-3034-1 iceweasel | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| USN-2361-1: NSS vulnerability | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | |
| Oracle Critical Patch Update - January 2015 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | |
| Mozilla Network Security Services CVE-2014-1568 Security Bypass Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| About Secunia Research | Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | |
| [security-announce] SUSE-SU-2014:1220-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | |
| Vulnerability Note VU#772676 - Mozilla Network Security Services (NSS) fails to properly verify RSA signatures | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | US Government Resource |
| Oracle Solaris Bulletin - April 2016 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 390279 Oracle Managed Virtualization (VM) Server for x86 Security Update for nss (OVMSA-2023-0014)