VDB

GCVE-110-MAGEIA-2014-507

GCVE-110-MAGEIA-2014-507
Advisory Published
Vulnetix · Advisory published December 3, 2014
Updated nss, firefox, and thunderbird packages fix security vulnerabilities: In the QuickDER decoder in NSS before 3.17.3, ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data (CVE-2014-1569). Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593). A flaw was found in the Alarm API, which could allow applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass the same-origin policy (CVE-2014-1594). This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV) in NSS, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0, mitigating CVE-2014-3566, also known as POODLE. SSL 3.0 support has also been disabled by default in this Firefox and Thunderbird update, further mitigating POODLE.

Affected Products

VendorProductVersionsPlatforms
Mageiarootcerts0 (affected), 20141117.00-1.mga4 (unaffected)
Mageiathunderbird0 (affected), 31.3.0-1.mga4 (unaffected)
Mageiafirefox-l10n0 (affected), 31.3.0-1.mga4 (unaffected)
Mageiathunderbird-l10n0 (affected), 31.3.0-1.mga4 (unaffected)
Mageiafirefox0 (affected), 31.3.0-1.mga4 (unaffected)
Mageianss3.17.3-1.mga4 (unaffected), 0 (affected)

Browse GCVE Records

73,161 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›