Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2014-1492

Published: 25 March 2014

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

Notes

AuthorNote
jdstrand
Thunderbird 24.5 has nss 3.15.4

Priority

Medium

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
lucid Not vulnerable
(uses system nss)
precise Not vulnerable
(uses system nss)
quantal Not vulnerable
(uses system nss)
saucy Not vulnerable
(uses system nss)
trusty Does not exist
(trusty was not-affected [uses system nss])
upstream Needs triage

firefox
Launchpad, Ubuntu, Debian
lucid Ignored
(end of life)
precise
Released (29.0+build1-0ubuntu0.12.04.2)
quantal
Released (29.0+build1-0ubuntu0.12.10.3)
saucy
Released (29.0+build1-0ubuntu0.13.10.3)
trusty
Released (29.0+build1-0ubuntu0.14.04.2)
upstream
Released (29.0)
nss
Launchpad, Ubuntu, Debian
lucid
Released (3.15.4-0ubuntu0.10.04.2)
precise
Released (3.15.4-0ubuntu0.12.04.2)
quantal
Released (3.15.4-0ubuntu0.12.10.2)
saucy
Released (2:3.15.4-0ubuntu0.13.10.2)
trusty
Released (2:3.15.4-1ubuntu7)
upstream
Released (3.16)
Patches:
upstream: https://hg.mozilla.org/projects/nss/rev/15ea62260c21
upstream: https://hg.mozilla.org/projects/nss/rev/2ffa40a3ff55
upstream: https://hg.mozilla.org/projects/nss/rev/709d4e597979
oxide-qt
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

saucy Does not exist

trusty Does not exist
(trusty was not-affected [uses system nss])
upstream Needs triage

thunderbird
Launchpad, Ubuntu, Debian
lucid Ignored
(end of life)
precise Not vulnerable

quantal Ignored
(end of life)
saucy Ignored
(end of life)
trusty Does not exist
(trusty was not-affected)
upstream Needs triage