CVE-2014-1544

Published: Jul 23, 2014Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.

Affected (71)

Products: Mozilla: Firefox, Firefox Esr, Network Security Services, Thunderbird

Mozilla

4 products

Firefox

Firefox Esr

Network Security Services

Thunderbird

Configuration A

71 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 30.0
Mozilla Firefox	Version 24.0.1
Mozilla Firefox	Version 24.0.2
Mozilla Firefox	Version 24.0
Mozilla Firefox	Version 24.1.0
Mozilla Firefox	Version 24.1.1
Mozilla Firefox Esr	Version 24.2
Mozilla Firefox Esr	Version 24.3
Mozilla Firefox Esr	Version 24.4
Mozilla Firefox Esr	Version 24.5
Mozilla Firefox Esr	Version 24.6
Mozilla Network Security Services	Version 3.11.2
Mozilla Network Security Services	Version 3.11.3
Mozilla Network Security Services	Version 3.11.4
Mozilla Network Security Services	Version 3.11.5
Mozilla Network Security Services	Version 3.12.10
Mozilla Network Security Services	Version 3.12.11
Mozilla Network Security Services	Version 3.12.1
Mozilla Network Security Services	Version 3.12.2
Mozilla Network Security Services	Version 3.12.3.1
Mozilla Network Security Services	Version 3.12.3.2
Mozilla Network Security Services	Version 3.12.3
Mozilla Network Security Services	Version 3.12.4
Mozilla Network Security Services	Version 3.12.5
Mozilla Network Security Services	Version 3.12.6
Mozilla Network Security Services	Version 3.12.7
Mozilla Network Security Services	Version 3.12.8
Mozilla Network Security Services	Version 3.12.9
Mozilla Network Security Services	Version 3.12
Mozilla Network Security Services	Version 3.14.1
Mozilla Network Security Services	Version 3.14.2
Mozilla Network Security Services	Version 3.14.3
Mozilla Network Security Services	Version 3.14.4
Mozilla Network Security Services	Version 3.14.5
Mozilla Network Security Services	Version 3.14
Mozilla Network Security Services	Version 3.15.1
Mozilla Network Security Services	Version 3.15.2
Mozilla Network Security Services	Version 3.15.3.1
Mozilla Network Security Services	Version 3.15.3
Mozilla Network Security Services	Version 3.15.4
Mozilla Network Security Services	Version 3.15.5
Mozilla Network Security Services	Version 3.15
Mozilla Network Security Services	Version 3.16
Mozilla Network Security Services	Version 3.2.1
Mozilla Network Security Services	Version 3.2
Mozilla Network Security Services	Version 3.3.1
Mozilla Network Security Services	Version 3.3.2
Mozilla Network Security Services	Version 3.3
Mozilla Network Security Services	Version 3.4.1
Mozilla Network Security Services	Version 3.4.2
Mozilla Network Security Services	Version 3.4
Mozilla Network Security Services	Version 3.5
Mozilla Network Security Services	Version 3.6.1
Mozilla Network Security Services	Version 3.6
Mozilla Network Security Services	Version 3.7.1
Mozilla Network Security Services	Version 3.7.2
Mozilla Network Security Services	Version 3.7.3
Mozilla Network Security Services	Version 3.7.5
Mozilla Network Security Services	Version 3.7.7
Mozilla Network Security Services	Version 3.7
Mozilla Network Security Services	Version 3.8
Mozilla Network Security Services	Version 3.9
Mozilla Thunderbird	Up to 24.6
Mozilla Thunderbird	Version 24.0.1
Mozilla Thunderbird	Version 24.0
Mozilla Thunderbird	Version 24.1.1
Mozilla Thunderbird	Version 24.1
Mozilla Thunderbird	Version 24.2
Mozilla Thunderbird	Version 24.3
Mozilla Thunderbird	Version 24.4
Mozilla Thunderbird	Version 24.5