Launchpad.net

CVE 2014-1492

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

Related bugs and status

CVE-2014-1492 (Candidate) is related to these bugs:

Bug #469752: firefox,3.5/3.6 startup-notification bug

		In	Importance	Status
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Ubuntu)	Medium	Invalid
469752	firefox,3.5/3.6 startup-notification bug	Mozilla Firefox	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Suse)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox (Ubuntu)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox (Ubuntu Lucid)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Ubuntu Lucid)	Medium	Invalid

Bug #1258286: CAcert should not be trusted by default

		In	Importance	Status
1258286	CAcert should not be trusted by default	ca-certificates (Ubuntu)	Undecided	Fix Released
1258286	CAcert should not be trusted by default	nss (Ubuntu)	Undecided	Fix Released
1258286	CAcert should not be trusted by default	ca-certificates (Debian)	Unknown	Fix Released
1258286	CAcert should not be trusted by default	ca-certificates (Ubuntu Quantal)	Undecided	Fix Released
1258286	CAcert should not be trusted by default	nss (Ubuntu Quantal)	Undecided	Fix Released
1258286	CAcert should not be trusted by default	ca-certificates (Ubuntu Saucy)	Undecided	Fix Released
1258286	CAcert should not be trusted by default	nss (Ubuntu Saucy)	Undecided	Fix Released
1258286	CAcert should not be trusted by default	ca-certificates (Ubuntu Trusty)	Undecided	Fix Released
1258286	CAcert should not be trusted by default	nss (Ubuntu Trusty)	Undecided	Fix Released
1258286	CAcert should not be trusted by default	ca-certificates (Ubuntu Lucid)	Undecided	Fix Released
1258286	CAcert should not be trusted by default	nss (Ubuntu Lucid)	Undecided	Invalid
1258286	CAcert should not be trusted by default	ca-certificates (Ubuntu Precise)	Undecided	Fix Released
1258286	CAcert should not be trusted by default	nss (Ubuntu Precise)	Undecided	Fix Released
1258286	CAcert should not be trusted by default	ca-certificates-java (Ubuntu)	High	Fix Released
1258286	CAcert should not be trusted by default	ca-certificates-java (Ubuntu Lucid)	Undecided	Invalid
1258286	CAcert should not be trusted by default	ca-certificates-java (Ubuntu Precise)	Undecided	Invalid
1258286	CAcert should not be trusted by default	ca-certificates-java (Ubuntu Quantal)	Undecided	Won't Fix
1258286	CAcert should not be trusted by default	ca-certificates-java (Ubuntu Saucy)	Undecided	Won't Fix
1258286	CAcert should not be trusted by default	ca-certificates-java (Ubuntu Trusty)	High	Fix Released
1258286	CAcert should not be trusted by default	ca-certificates-java (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-1492

Related bugs and status

Related bugs

References