CVE-2014-1492
CVE-2014-1492
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.htmlhttp://lists.opensuse.org/opensuse-updates/2014-05/msg00010.htmlhttp://lists.opensuse.org/opensuse-updates/2014-05/msg00033.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=903885https://bugzilla.redhat.com/show_bug.cgi?id=1079851https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_noteshttp://seclists.org/fulldisclosure/2014/Dec/23http://secunia.com/advisories/59866http://secunia.com/advisories/60621