REDHAT-BUG-2343764
First published: Tue Feb 04 2025(Updated: )
Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <135 | |
| Mozilla Firefox ESR | <128.7 | |
| Mozilla Thunderbird | <128.7<135 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2025:1066
- https://access.redhat.com/errata/RHSA-2025:1133
- https://access.redhat.com/errata/RHSA-2025:1135
- https://access.redhat.com/errata/RHSA-2025:1138
- https://access.redhat.com/errata/RHSA-2025:1136
- https://access.redhat.com/errata/RHSA-2025:1132
- https://access.redhat.com/errata/RHSA-2025:1137
- https://access.redhat.com/errata/RHSA-2025:1139
- https://access.redhat.com/errata/RHSA-2025:1140
- https://access.redhat.com/errata/RHSA-2025:1184
- https://access.redhat.com/errata/RHSA-2025:1283
- https://access.redhat.com/errata/RHSA-2025:1292
- https://access.redhat.com/errata/RHSA-2025:1319
- https://access.redhat.com/errata/RHSA-2025:1317
- https://access.redhat.com/errata/RHSA-2025:1318
- https://access.redhat.com/errata/RHSA-2025:1339
- https://access.redhat.com/errata/RHSA-2025:1340
- https://access.redhat.com/errata/RHSA-2025:1341
- https://access.redhat.com/errata/RHSA-2025:1348
- https://bugzilla.redhat.com/show_bug.cgi?id=2343764
Frequently Asked Questions
What is the severity of REDHAT-BUG-2343764?
The severity of REDHAT-BUG-2343764 is considered to be high due to improper certificate length checks.
How do I fix REDHAT-BUG-2343764?
To fix REDHAT-BUG-2343764, update to the latest versions of Firefox, Firefox ESR, or Thunderbird as applicable.
Which software is affected by REDHAT-BUG-2343764?
REDHAT-BUG-2343764 affects Firefox versions less than 135, Firefox ESR versions less than 128.7, and Thunderbird versions less than 135.
Is there a workaround for REDHAT-BUG-2343764?
Currently, there are no official workarounds for REDHAT-BUG-2343764 other than applying the updates.
What risks does REDHAT-BUG-2343764 pose to users?
REDHAT-BUG-2343764 poses risks of trust issues in processing certificates, potentially leading to security vulnerabilities.
- agent/source
- agent/severity
- agent/first-publish-date
- agent/description
- agent/type
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/references
- agent/last-modified-date
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2025-1014
- vendor/mozilla
- canonical/mozilla firefox
- canonical/mozilla firefox esr
- canonical/mozilla thunderbird