{"id":"MGASA-2014-0293","summary":"Updated nss, firefox and thunderbird packages fix security vulnerabilities","details":"A race condition was found in the way NSS verified certain certificates.\nA remote attacker could use this flaw to crash an application using NSS or,\npossibly, execute arbitrary code with the privileges of the user running\nthat application (CVE-2014-1544).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox or Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the user\nrunning it (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557).\n\nThe rootcerts and nss packages have been updated to NSS 3.16.3, and the\nfirefox and thunderbird packages have been updated to version 24.7.0, fixing\nthese issues.\n","modified":"2026-02-04T02:28:28.469562Z","published":"2014-07-26T11:32:13Z","related":["CVE-2014-1544","CVE-2014-1547","CVE-2014-1555","CVE-2014-1556","CVE-2014-1557"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0293.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13790"},{"type":"REPORT","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-56.html"},{"type":"REPORT","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-61.html"},{"type":"REPORT","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-62.html"},{"type":"REPORT","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-63.html"},{"type":"REPORT","url":"https://www.mozilla.org/security/announce/2014/mfsa2014-64.html"},{"type":"REPORT","url":"http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html"},{"type":"REPORT","url":"http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html"},{"type":"REPORT","url":"https://rhn.redhat.com/errata/RHSA-2014-0919.html"},{"type":"REPORT","url":"https://rhn.redhat.com/errata/RHSA-2014-0918.html"},{"type":"REPORT","url":"https://rhn.redhat.com/errata/RHSA-2014-0917.html"}],"affected":[{"package":{"name":"firefox","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.7.0-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0293.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.7.0-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0293.json"}},{"package":{"name":"nss","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.16.3-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0293.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20140703.00-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0293.json"}},{"package":{"name":"thunderbird","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.7.0-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0293.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.7.0-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0293.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.7.0-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0293.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.7.0-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0293.json"}},{"package":{"name":"nss","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.16.3-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0293.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20140703.00-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0293.json"}},{"package":{"name":"thunderbird","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.7.0-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0293.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.7.0-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0293.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}