SuSE Update For Mozilla-nss OpenSUSE-SU-2014:1232-1 (mozilla-nss) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Mozilla NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates.

Affected

mozilla-nss on openSUSE 13.1, openSUSE 12.3

References

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-1568

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

SLES10: Security update for enscript
SLES10: Security update for libtiff
SLES10: Security update for MozillaFirefox
SLES10: Security update for nagios
SLES10: Security update for IBM Java 1.5.0

SuSE Update for mozilla-nss openSUSE-SU-2014:1232-1 (mozilla-nss)

Take action and discover your vulnerabilities