First published: Thu Sep 25 2014(Updated: )
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Google Chrome | <=37.0.2062.120 | |
Apple Mac OS X | ||
Microsoft Windows | ||
Mozilla Firefox | <=32.0 | |
Mozilla Firefox | =32.0.1 | |
Mozilla Firefox | =32.0.2 | |
Mozilla Firefox ESR | =24.8.0 | |
Mozilla Firefox ESR | =31.0 | |
Mozilla Firefox ESR | =31.1.0 | |
Mozilla Network Security Services | <=3.16.2.0 | |
Mozilla Network Security Services | =3.2 | |
Mozilla Network Security Services | =3.2.1 | |
Mozilla Network Security Services | =3.3 | |
Mozilla Network Security Services | =3.3.1 | |
Mozilla Network Security Services | =3.3.2 | |
Mozilla Network Security Services | =3.4 | |
Mozilla Network Security Services | =3.4.1 | |
Mozilla Network Security Services | =3.4.2 | |
Mozilla Network Security Services | =3.5 | |
Mozilla Network Security Services | =3.6 | |
Mozilla Network Security Services | =3.6.1 | |
Mozilla Network Security Services | =3.7 | |
Mozilla Network Security Services | =3.7.1 | |
Mozilla Network Security Services | =3.7.2 | |
Mozilla Network Security Services | =3.7.3 | |
Mozilla Network Security Services | =3.7.5 | |
Mozilla Network Security Services | =3.7.7 | |
Mozilla Network Security Services | =3.8 | |
Mozilla Network Security Services | =3.9 | |
Mozilla Network Security Services | =3.11.2 | |
Mozilla Network Security Services | =3.11.3 | |
Mozilla Network Security Services | =3.11.4 | |
Mozilla Network Security Services | =3.11.5 | |
Mozilla Network Security Services | =3.12 | |
Mozilla Network Security Services | =3.12.1 | |
Mozilla Network Security Services | =3.12.2 | |
Mozilla Network Security Services | =3.12.3 | |
Mozilla Network Security Services | =3.12.3.1 | |
Mozilla Network Security Services | =3.12.3.2 | |
Mozilla Network Security Services | =3.12.4 | |
Mozilla Network Security Services | =3.12.5 | |
Mozilla Network Security Services | =3.12.6 | |
Mozilla Network Security Services | =3.12.7 | |
Mozilla Network Security Services | =3.12.8 | |
Mozilla Network Security Services | =3.12.9 | |
Mozilla Network Security Services | =3.12.10 | |
Mozilla Network Security Services | =3.12.11 | |
Mozilla Network Security Services | =3.14 | |
Mozilla Network Security Services | =3.14.1 | |
Mozilla Network Security Services | =3.14.2 | |
Mozilla Network Security Services | =3.14.3 | |
Mozilla Network Security Services | =3.14.4 | |
Mozilla Network Security Services | =3.14.5 | |
Mozilla Network Security Services | =3.15 | |
Mozilla Network Security Services | =3.15.1 | |
Mozilla Network Security Services | =3.15.2 | |
Mozilla Network Security Services | =3.15.3 | |
Mozilla Network Security Services | =3.15.3.1 | |
Mozilla Network Security Services | =3.15.4 | |
Mozilla Network Security Services | =3.15.5 | |
Mozilla Network Security Services | =3.16 | |
Mozilla Network Security Services | =3.16.1 | |
Mozilla Network Security Services | =3.16.3 | |
Mozilla Network Security Services | =3.16.4 | |
Mozilla SeaMonkey | ||
Mozilla SeaMonkey | <=2.29 | |
Mozilla SeaMonkey | =1.0 | |
Mozilla SeaMonkey | =1.0-alpha | |
Mozilla SeaMonkey | =1.0-beta | |
Mozilla SeaMonkey | =1.0.1 | |
Mozilla SeaMonkey | =1.0.2 | |
Mozilla SeaMonkey | =1.0.3 | |
Mozilla SeaMonkey | =1.0.4 | |
Mozilla SeaMonkey | =1.0.5 | |
Mozilla SeaMonkey | =1.0.6 | |
Mozilla SeaMonkey | =1.0.7 | |
Mozilla SeaMonkey | =1.0.8 | |
Mozilla SeaMonkey | =1.0.9 | |
Mozilla SeaMonkey | =1.1 | |
Mozilla SeaMonkey | =1.1-alpha | |
Mozilla SeaMonkey | =1.1-beta | |
Mozilla SeaMonkey | =1.1.1 | |
Mozilla SeaMonkey | =1.1.2 | |
Mozilla SeaMonkey | =1.1.3 | |
Mozilla SeaMonkey | =1.1.4 | |
Mozilla SeaMonkey | =1.1.5 | |
Mozilla SeaMonkey | =1.1.6 | |
Mozilla SeaMonkey | =1.1.7 | |
Mozilla SeaMonkey | =1.1.8 | |
Mozilla SeaMonkey | =1.1.9 | |
Mozilla SeaMonkey | =1.1.10 | |
Mozilla SeaMonkey | =1.1.11 | |
Mozilla SeaMonkey | =1.1.12 | |
Mozilla SeaMonkey | =1.1.13 | |
Mozilla SeaMonkey | =1.1.14 | |
Mozilla SeaMonkey | =1.1.15 | |
Mozilla SeaMonkey | =1.1.16 | |
Mozilla SeaMonkey | =1.1.17 | |
Mozilla SeaMonkey | =1.1.18 | |
Mozilla SeaMonkey | =1.1.19 | |
Mozilla SeaMonkey | =1.5.0.8 | |
Mozilla SeaMonkey | =1.5.0.9 | |
Mozilla SeaMonkey | =1.5.0.10 | |
Mozilla SeaMonkey | =2.0 | |
Mozilla SeaMonkey | =2.0-alpha_1 | |
Mozilla SeaMonkey | =2.0-alpha_2 | |
Mozilla SeaMonkey | =2.0-alpha_3 | |
Mozilla SeaMonkey | =2.0-beta_1 | |
Mozilla SeaMonkey | =2.0-beta_2 | |
Mozilla SeaMonkey | =2.0-rc1 | |
Mozilla SeaMonkey | =2.0-rc2 | |
Mozilla SeaMonkey | =2.0.1 | |
Mozilla SeaMonkey | =2.0.2 | |
Mozilla SeaMonkey | =2.0.3 | |
Mozilla SeaMonkey | =2.0.4 | |
Mozilla SeaMonkey | =2.0.5 | |
Mozilla SeaMonkey | =2.0.6 | |
Mozilla SeaMonkey | =2.0.7 | |
Mozilla SeaMonkey | =2.0.8 | |
Mozilla SeaMonkey | =2.0.9 | |
Mozilla SeaMonkey | =2.0.10 | |
Mozilla SeaMonkey | =2.0.11 | |
Mozilla SeaMonkey | =2.0.12 | |
Mozilla SeaMonkey | =2.0.13 | |
Mozilla SeaMonkey | =2.0.14 | |
Mozilla SeaMonkey | =2.1 | |
Mozilla SeaMonkey | =2.1-alpha1 | |
Mozilla SeaMonkey | =2.1-alpha2 | |
Mozilla SeaMonkey | =2.1-alpha3 | |
Mozilla SeaMonkey | =2.1-beta1 | |
Mozilla SeaMonkey | =2.1-beta2 | |
Mozilla SeaMonkey | =2.1-beta3 | |
Mozilla SeaMonkey | =2.1-rc1 | |
Mozilla SeaMonkey | =2.1-rc2 | |
Mozilla SeaMonkey | =2.2 | |
Mozilla SeaMonkey | =2.2-beta1 | |
Mozilla SeaMonkey | =2.2-beta2 | |
Mozilla SeaMonkey | =2.2-beta3 | |
Mozilla SeaMonkey | =2.10 | |
Mozilla SeaMonkey | =2.10-beta1 | |
Mozilla SeaMonkey | =2.10-beta2 | |
Mozilla SeaMonkey | =2.10-beta3 | |
Mozilla SeaMonkey | =2.10.1 | |
Mozilla SeaMonkey | =2.11 | |
Mozilla SeaMonkey | =2.11-beta1 | |
Mozilla SeaMonkey | =2.11-beta2 | |
Mozilla SeaMonkey | =2.11-beta3 | |
Mozilla SeaMonkey | =2.11-beta4 | |
Mozilla SeaMonkey | =2.11-beta5 | |
Mozilla SeaMonkey | =2.11-beta6 | |
Mozilla SeaMonkey | =2.12 | |
Mozilla SeaMonkey | =2.12-beta1 | |
Mozilla SeaMonkey | =2.12-beta2 | |
Mozilla SeaMonkey | =2.12-beta3 | |
Mozilla SeaMonkey | =2.12-beta4 | |
Mozilla SeaMonkey | =2.12-beta5 | |
Mozilla SeaMonkey | =2.12-beta6 | |
Mozilla SeaMonkey | =2.12.1 | |
Mozilla SeaMonkey | =2.13 | |
Mozilla SeaMonkey | =2.13-beta1 | |
Mozilla SeaMonkey | =2.13-beta2 | |
Mozilla SeaMonkey | =2.13-beta3 | |
Mozilla SeaMonkey | =2.13-beta4 | |
Mozilla SeaMonkey | =2.13-beta5 | |
Mozilla SeaMonkey | =2.13-beta6 | |
Mozilla SeaMonkey | =2.13.1 | |
Mozilla SeaMonkey | =2.13.2 | |
Mozilla SeaMonkey | =2.14 | |
Mozilla SeaMonkey | =2.14-beta1 | |
Mozilla SeaMonkey | =2.14-beta2 | |
Mozilla SeaMonkey | =2.14-beta3 | |
Mozilla SeaMonkey | =2.14-beta4 | |
Mozilla SeaMonkey | =2.14-beta5 | |
Mozilla SeaMonkey | =2.15 | |
Mozilla SeaMonkey | =2.15-beta1 | |
Mozilla SeaMonkey | =2.15-beta2 | |
Mozilla SeaMonkey | =2.15-beta3 | |
Mozilla SeaMonkey | =2.15-beta4 | |
Mozilla SeaMonkey | =2.15-beta5 | |
Mozilla SeaMonkey | =2.15-beta6 | |
Mozilla SeaMonkey | =2.15.1 | |
Mozilla SeaMonkey | =2.15.2 | |
Mozilla SeaMonkey | =2.16 | |
Mozilla SeaMonkey | =2.16-beta1 | |
Mozilla SeaMonkey | =2.16-beta2 | |
Mozilla SeaMonkey | =2.16-beta3 | |
Mozilla SeaMonkey | =2.16-beta4 | |
Mozilla SeaMonkey | =2.16-beta5 | |
Mozilla SeaMonkey | =2.16.1 | |
Mozilla SeaMonkey | =2.16.2 | |
Mozilla SeaMonkey | =2.17 | |
Mozilla SeaMonkey | =2.17-beta1 | |
Mozilla SeaMonkey | =2.17-beta2 | |
Mozilla SeaMonkey | =2.17-beta3 | |
Mozilla SeaMonkey | =2.17-beta4 | |
Mozilla SeaMonkey | =2.17.1 | |
Mozilla SeaMonkey | =2.18-beta1 | |
Mozilla SeaMonkey | =2.18-beta2 | |
Mozilla SeaMonkey | =2.18-beta3 | |
Mozilla SeaMonkey | =2.18-beta4 | |
Mozilla SeaMonkey | =2.19 | |
Mozilla SeaMonkey | =2.19-beta1 | |
Mozilla SeaMonkey | =2.19-beta2 | |
Mozilla SeaMonkey | =2.20 | |
Mozilla SeaMonkey | =2.20-beta1 | |
Mozilla SeaMonkey | =2.20-beta2 | |
Mozilla SeaMonkey | =2.20-beta3 | |
Mozilla SeaMonkey | =2.21-beta1 | |
Mozilla SeaMonkey | =2.21-beta2 | |
Mozilla SeaMonkey | =2.22-beta1 | |
Mozilla SeaMonkey | =2.22-beta2 | |
Mozilla SeaMonkey | =2.22.1 | |
Mozilla SeaMonkey | =2.23 | |
Mozilla SeaMonkey | =2.23-beta1 | |
Mozilla SeaMonkey | =2.24 | |
Mozilla SeaMonkey | =2.24-beta1 | |
Mozilla SeaMonkey | =2.25 | |
Mozilla SeaMonkey | =2.25-beta1 | |
Mozilla SeaMonkey | =2.25-beta2 | |
Mozilla SeaMonkey | =2.25-beta3 | |
Mozilla SeaMonkey | =2.26 | |
Mozilla SeaMonkey | =2.26-rc1 | |
Mozilla Thunderbird | <=24.8.0 | |
Mozilla Thunderbird | =31.0 | |
Mozilla Thunderbird | =31.1.0 | |
Mozilla Thunderbird | =31.1.1 | |
Google Chrome | <=37.0.2062.103 | |
Google Chrome | =37.0.2062.0 | |
Google Chrome | =37.0.2062.3 | |
Google Chrome | =37.0.2062.20 | |
Google Chrome | =37.0.2062.100 | |
Google Chrome | =37.0.2062.102 | |
Google Chrome OS | ||
All of | ||
Google Chrome | <=37.0.2062.120 | |
Any of | ||
Apple Mac OS X | ||
Microsoft Windows | ||
Mozilla Firefox | =31.0 | |
Mozilla Firefox | =31.1.0 | |
All of | ||
Any of | ||
Google Chrome | <=37.0.2062.103 | |
Google Chrome | =37.0.2062.0 | |
Google Chrome | =37.0.2062.3 | |
Google Chrome | =37.0.2062.20 | |
Google Chrome | =37.0.2062.100 | |
Google Chrome | =37.0.2062.102 | |
Google Chrome OS | ||
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.