VDB
GCVE-110-MAGEIA-2014-507
GCVE-110-MAGEIA-2014-507
Advisory Published
Updated nss, firefox, and thunderbird packages fix security vulnerabilities:
In the QuickDER decoder in NSS before 3.17.3, ASN.1 DER decoding of lengths
is too permissive, allowing undetected smuggling of arbitrary data
(CVE-2014-1569).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox or Thunderbird to
crash or, potentially, execute arbitrary code with the privileges of the
user running it (CVE-2014-1587, CVE-2014-1590, CVE-2014-1592,
CVE-2014-1593).
A flaw was found in the Alarm API, which could allow applications to
schedule actions to be run in the future. A malicious web application could
use this flaw to bypass the same-origin policy (CVE-2014-1594).
This update adds support for the TLS Fallback Signaling Cipher Suite Value
(TLS_FALLBACK_SCSV) in NSS, which can be used to prevent protocol downgrade
attacks against applications which re-connect using a lower SSL/TLS
protocol version when the initial connection indicating the highest
supported protocol version fails. This can prevent a forceful downgrade of
the communication to SSL 3.0, mitigating CVE-2014-3566, also known as
POODLE. SSL 3.0 support has also been disabled by default in this Firefox
and Thunderbird update, further mitigating POODLE.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | rootcerts | 0 (affected), 20141117.00-1.mga4 (unaffected) | — |
| Mageia | thunderbird | 0 (affected), 31.3.0-1.mga4 (unaffected) | — |
| Mageia | firefox-l10n | 0 (affected), 31.3.0-1.mga4 (unaffected) | — |
| Mageia | thunderbird-l10n | 0 (affected), 31.3.0-1.mga4 (unaffected) | — |
| Mageia | firefox | 0 (affected), 31.3.0-1.mga4 (unaffected) | — |
| Mageia | nss | 3.17.3-1.mga4 (unaffected), 0 (affected) | — |
References
Browse GCVE Records
73,161 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.