{"id":"MGASA-2014-0137","summary":"Updated nss, firefox and thunderbird packages fix security vulnerabilities","details":"In the NSS library before version 3.16, in a wildcard certificate, the\nwildcard character was embedded within the U-label of an internationalized\ndomain name, which is not in accordance with RFC 6125 (CVE-2014-1492).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox or Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the user\nrunning it (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,\nCVE-2014-1513, CVE-2014-1514).\n\nSeveral information disclosure flaws were found in the way Firefox and\nThunderbird processed malformed web content. An attacker could use these\nflaws to gain access to sensitive information such as cross-domain content\nor protected memory addresses or, potentially, cause Firefox or Thunderbird\nto crash (CVE-2014-1497, CVE-2014-1508, CVE-2014-1505).\n\nA memory corruption flaw was found in the way Firefox and Thunderbird\nrendered certain PDF files. An attacker able to trick a user into installing\na malicious extension could use this flaw to crash Firefox or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox or\nThunderbird (CVE-2014-1509).\n","modified":"2026-04-16T06:24:47.863046949Z","published":"2014-03-20T18:33:01Z","upstream":["CVE-2014-1492","CVE-2014-1493","CVE-2014-1497","CVE-2014-1505","CVE-2014-1508","CVE-2014-1509","CVE-2014-1510","CVE-2014-1511","CVE-2014-1512","CVE-2014-1513","CVE-2014-1514"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0137.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13042"},{"type":"WEB","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-15.html"},{"type":"WEB","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-17.html"},{"type":"WEB","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-26.html"},{"type":"WEB","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-27.html"},{"type":"WEB","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-28.html"},{"type":"WEB","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-29.html"},{"type":"WEB","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-30.html"},{"type":"WEB","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-31.html"},{"type":"WEB","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-32.html"},{"type":"WEB","url":"https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes"},{"type":"WEB","url":"http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html"},{"type":"WEB","url":"https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2014-0310.html"}],"affected":[{"package":{"name":"rootcerts","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20140318.00-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0137.json"}},{"package":{"name":"nspr","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.10.4-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0137.json"}},{"package":{"name":"nss","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.16.0-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0137.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.4.0-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0137.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.4.0-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0137.json"}},{"package":{"name":"thunderbird","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.4.0-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0137.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.4.0-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0137.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20140318.00-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0137.json"}},{"package":{"name":"nspr","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.10.4-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0137.json"}},{"package":{"name":"nss","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.16.0-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0137.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.4.0-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0137.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.4.0-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0137.json"}},{"package":{"name":"thunderbird","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.4.0-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0137.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.4.0-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0137.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}