VIR Vulnerability Intelligence Relay

CVE-2014-1544

critical
Published 2014-07-23 · Modified 2026-05-06
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-1544

vendor Authored 2026-05-27

Vendor advisory: security@mozilla.org — http://www.mozilla.org/security/announce/2014/mfsa2014-63.html

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed2:3.16.3-1
debian debianbullseyefixed2:3.16.3-1
debian debianforkyfixed2:3.16.3-1
debian debiansidfixed2:3.16.3-1
debian debiantrixiefixed2:3.16.3-1

Application impact
VendorProductVersionsFixed
mozillafirefox{"endIncluding":"30.0"}
mozillafirefox24.0
mozillafirefox24.0.1
mozillafirefox24.0.2
mozillafirefox24.1.0
mozillafirefox24.1.1
mozillafirefox_esr24.2
mozillafirefox_esr24.3
mozillafirefox_esr24.4
mozillafirefox_esr24.5
mozillafirefox_esr24.6
mozillanetwork_security_services3.2
mozillanetwork_security_services3.2.1
mozillanetwork_security_services3.3
mozillanetwork_security_services3.3.1
mozillanetwork_security_services3.3.2
mozillanetwork_security_services3.4
mozillanetwork_security_services3.4.1
mozillanetwork_security_services3.4.2
mozillanetwork_security_services3.5
mozillanetwork_security_services3.6
mozillanetwork_security_services3.6.1
mozillanetwork_security_services3.7
mozillanetwork_security_services3.7.1
mozillanetwork_security_services3.7.2
mozillanetwork_security_services3.7.3
mozillanetwork_security_services3.7.5
mozillanetwork_security_services3.7.7
mozillanetwork_security_services3.8
mozillanetwork_security_services3.9
mozillanetwork_security_services3.11.2
mozillanetwork_security_services3.11.3
mozillanetwork_security_services3.11.4
mozillanetwork_security_services3.11.5
mozillanetwork_security_services3.12
mozillanetwork_security_services3.12.1
mozillanetwork_security_services3.12.2
mozillanetwork_security_services3.12.3
mozillanetwork_security_services3.12.3.1
mozillanetwork_security_services3.12.3.2
mozillanetwork_security_services3.12.4
mozillanetwork_security_services3.12.5
mozillanetwork_security_services3.12.6
mozillanetwork_security_services3.12.7
mozillanetwork_security_services3.12.8
mozillanetwork_security_services3.12.9
mozillanetwork_security_services3.12.10
mozillanetwork_security_services3.12.11
mozillanetwork_security_services3.14
mozillanetwork_security_services3.14.1
mozillanetwork_security_services3.14.2
mozillanetwork_security_services3.14.3
mozillanetwork_security_services3.14.4
mozillanetwork_security_services3.14.5
mozillanetwork_security_services3.15
mozillanetwork_security_services3.15.1
mozillanetwork_security_services3.15.2
mozillanetwork_security_services3.15.3
mozillanetwork_security_services3.15.3.1
mozillanetwork_security_services3.15.4
mozillanetwork_security_services3.15.5
mozillanetwork_security_services3.16
mozillathunderbird{"endIncluding":"24.6"}
mozillathunderbird24.0
mozillathunderbird24.0.1
mozillathunderbird24.1
mozillathunderbird24.1.1
mozillathunderbird24.2
mozillathunderbird24.3
mozillathunderbird24.4
mozillathunderbird24.5

References

Verify integrity in audit chain (admin only). AS-IS.