CVE-2014-1544

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1410%

EPSS Percentile6.64th

Published2014年7月23日

Last Modified2026年5月6日

Vulnerability Description

Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.

Affected Platforms (CPE)

📦

Mozilla

Firefox

<= 30.0

📦

Mozilla

Firefox

= 24.0

📦

Mozilla

Firefox

= 24.0.1

📦

Mozilla

Firefox

= 24.0.2

📦

Mozilla

Firefox

= 24.1.0

📦

Mozilla

Firefox

= 24.1.1

📦

Mozilla

Firefox Esr

= 24.2

📦

Mozilla

Firefox Esr

= 24.3

📦

Mozilla

Firefox Esr

= 24.4

📦

Mozilla

Firefox Esr

= 24.5

📦

Mozilla

Firefox Esr

= 24.6

📦

Mozilla

Network Security Services

= 3.2

📦

Mozilla

Network Security Services

= 3.2.1

📦

Mozilla

Network Security Services

= 3.3

📦

Mozilla

Network Security Services

= 3.3.1

📦

Mozilla

Network Security Services

= 3.3.2

📦

Mozilla

Network Security Services

= 3.4

📦

Mozilla

Network Security Services

= 3.4.1

📦

Mozilla

Network Security Services

= 3.4.2

📦

Mozilla

Network Security Services

= 3.5

📦

Mozilla

Network Security Services

= 3.6

📦

Mozilla

Network Security Services

= 3.6.1

📦

Mozilla

Network Security Services

= 3.7

📦

Mozilla

Network Security Services

= 3.7.1

📦

Mozilla

Network Security Services

= 3.7.2

📦

Mozilla

Network Security Services

= 3.7.3

📦

Mozilla

Network Security Services

= 3.7.5

📦

Mozilla

Network Security Services

= 3.7.7

📦

Mozilla

Network Security Services

= 3.8

📦

Mozilla

Network Security Services

= 3.9

📦

Mozilla

Network Security Services

= 3.11.2

📦

Mozilla

Network Security Services

= 3.11.3

📦

Mozilla

Network Security Services

= 3.11.4

📦

Mozilla

Network Security Services

= 3.11.5

📦

Mozilla

Network Security Services

= 3.12

📦

Mozilla

Network Security Services

= 3.12.1

📦

Mozilla

Network Security Services

= 3.12.2

📦

Mozilla

Network Security Services

= 3.12.3

📦

Mozilla

Network Security Services

= 3.12.3.1

📦

Mozilla

Network Security Services

= 3.12.3.2

📦

Mozilla

Network Security Services

= 3.12.4

📦

Mozilla

Network Security Services

= 3.12.5

📦

Mozilla

Network Security Services

= 3.12.6

📦

Mozilla

Network Security Services

= 3.12.7

📦

Mozilla

Network Security Services

= 3.12.8

📦

Mozilla

Network Security Services

= 3.12.9

📦

Mozilla

Network Security Services

= 3.12.10

📦

Mozilla

Network Security Services

= 3.12.11

📦

Mozilla

Network Security Services

= 3.14

📦

Mozilla

Network Security Services

= 3.14.1

📦

Mozilla

Network Security Services

= 3.14.2

📦

Mozilla

Network Security Services

= 3.14.3

📦

Mozilla

Network Security Services

= 3.14.4

📦

Mozilla

Network Security Services

= 3.14.5

📦

Mozilla

Network Security Services

= 3.15

📦

Mozilla

Network Security Services

= 3.15.1

📦

Mozilla

Network Security Services

= 3.15.2

📦

Mozilla

Network Security Services

= 3.15.3

📦

Mozilla

Network Security Services

= 3.15.3.1

📦

Mozilla

Network Security Services

= 3.15.4

📦

Mozilla

Network Security Services

= 3.15.5

📦

Mozilla

Network Security Services

= 3.16

📦

Mozilla

Thunderbird

<= 24.6

📦

Mozilla

Thunderbird

= 24.0

📦

Mozilla

Thunderbird

= 24.0.1

📦

Mozilla

Thunderbird

= 24.1

📦

Mozilla

Thunderbird

= 24.1.1

📦

Mozilla

Thunderbird

= 24.2

📦

Mozilla

Thunderbird

= 24.3

📦

Mozilla

Thunderbird

= 24.4

📦

Mozilla

Thunderbird

= 24.5

References & Advisories

🔗 http://secunia.com/advisories/59591

🔗 http://secunia.com/advisories/59719

🔗 http://secunia.com/advisories/59760

🔗 http://secunia.com/advisories/60083

🔗 http://secunia.com/advisories/60486

🔗 http://secunia.com/advisories/60621

🔗 http://secunia.com/advisories/60628

🔗 http://www.debian.org/security/2014/dsa-2986

Vulnerability Description

Affected Platforms (CPE)

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox

Firefox Esr

Firefox Esr

Firefox Esr

Firefox Esr

Firefox Esr

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Network Security Services

Thunderbird

Thunderbird

Thunderbird

Thunderbird

Thunderbird

Thunderbird

Thunderbird

Thunderbird

Thunderbird

References & Advisories

相关漏洞威胁