Endpoint Vulnerability

crypto.generateCRMFRequest does not validate type of key

Description

Mozilla developer David Keeler reported that the crypto.generateCRFMRequest method did not correctly validate the key type of the KeyParams argument when generating ec-dual-use requests. This could lead to a crash and a denial of service (DOS) attack.

Affected Products

Firefox

References

CVE-2014-1498,