Signature Detail
Short Name |
SSL:MOZILLA-NSS-RSA-SIG-FORGERY |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
SSL |
Keywords |
Mozilla Network Security Services RSA Signature Forgery |
Release Date |
2014/11/05 |
Update Number |
2438 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SSL: Mozilla Network Security Services RSA Signature Forgery
Mozilla's Network Security Services suffer from signature forgery. The vulnerability is a result of improper verification of RSA signatures due to incorrect ASN.1 parsing. A remote attacker could exploit this vulnerability by providing a forged certificate.
References
- BugTraq: 70116
- CVE: CVE-2014-1568