Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-j5xg-j8a3-d3fk
Vulnerability ID VCID-j5xg-j8a3-d3fk
Aliases CVE-2014-1492
Summary Security researcher Christian Heimes reported that the Network Security Services (NSS) library does not handle IDNA domain prefixes according to RFC 6125 for wildcard certificates. This leads to improper wildcard matching of domains when they should not be matched in compliance with the specification. This issue was fixed in NSS version 3.16.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-172 Encoding Error
CWE-697 Incorrect Comparison
CWE-295 Improper Certificate Validation
System Score Found at
epss 0.00829 https://api.first.org/data/v1/epss?cve=CVE-2014-1492
generic_textual none https://www.mozilla.org/en-US/security/advisories/mfsa2014-45
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1492.json
https://api.first.org/data/v1/epss?cve=CVE-2014-1492
1079851 https://bugzilla.redhat.com/show_bug.cgi?id=1079851
CVE-2014-1492 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492
GLSA-201504-01 https://security.gentoo.org/glsa/201504-01
mfsa2014-45 https://www.mozilla.org/en-US/security/advisories/mfsa2014-45
RHSA-2014:0917 https://access.redhat.com/errata/RHSA-2014:0917
RHSA-2014:1073 https://access.redhat.com/errata/RHSA-2014:1073
RHSA-2014:1246 https://access.redhat.com/errata/RHSA-2014:1246
USN-2159-1 https://usn.ubuntu.com/2159-1/
USN-2185-1 https://usn.ubuntu.com/2185-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.74833
EPSS Score 0.00829
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T08:27:48.148651+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2014/mfsa2014-45.md 38.6.0