Intrusion Prevention

Mozilla.Network.Security.Services.RSA.Signature.Forgery

Description

This indicates an attack attempt against a Cryptographic vulnerability in Mozilla Network Security Services.
The vulnerability is due to improper verification of cryptographic signatures in the affected library. A remote attacker may exploit this to access sensitive information via a forged certificate.

Affected Products

Mozilla Foundation Network Security Services prior to 3.16.2.1
Mozilla Foundation Network Security Services prior to 3.16.5
Mozilla Foundation Network Security Services prior to 3.17.1

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the latest update from the vendor.
https://www.mozilla.org/security/announce/2014/mfsa2014-73.html

CVE References

CVE-2014-1568