{"url":"http://public2.vulnerablecode.io/api/packages/1173?format=json","purl":"pkg:mozilla/Firefox%20ESR@24.8.1","type":"mozilla","namespace":"","name":"Firefox ESR","version":"24.8.1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"31.1.0","latest_non_vulnerable_version":"140.11.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2725?format=json","vulnerability_id":"VCID-ca9j-qrnm-eqc3","summary":"Antoine Delignat-Lavaud, security researcher at Inria Paris\nin team Prosecco, reported an issue in Network Security Services (NSS) libraries\naffecting all versions. He discovered that NSS is vulnerable to a variant of a\nsignature forgery attack previously published by Daniel Bleichenbacher. This is\ndue to lenient parsing of ASN.1 values involved in a signature and could lead to\nthe forging of RSA certificates.The Advanced Threat Research team at Intel Security also independently\ndiscovered and reported this issue.These have been addressed in the NSS releases shipping on affected Mozilla\nproducts:","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1568.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1568.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1568","reference_id":"","reference_type":"","scores":[{"value":"0.336","scoring_system":"epss","scoring_elements":"0.97029","published_at":"2026-06-04T12:55:00Z"},{"value":"0.336","scoring_system":"epss","scoring_elements":"0.97032","published_at":"2026-06-05T12:55:00Z"},{"value":"0.336","scoring_system":"epss","scoring_elements":"0.97034","published_at":"2026-06-06T12:55:00Z"},{"value":"0.336","scoring_system":"epss","scoring_elements":"0.97036","published_at":"2026-06-08T12:55:00Z"},{"value":"0.336","scoring_system":"epss","scoring_elements":"0.9704","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1568"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1145429","reference_id":"1145429","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1145429"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568","reference_id":"CVE-2014-1568","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-73","reference_id":"mfsa2014-73","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-73"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1307","reference_id":"RHSA-2014:1307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1354","reference_id":"RHSA-2014:1354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1371","reference_id":"RHSA-2014:1371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1371"},{"reference_url":"https://usn.ubuntu.com/2360-1/","reference_id":"USN-2360-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2360-1/"},{"reference_url":"https://usn.ubuntu.com/2360-2/","reference_id":"USN-2360-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2360-2/"},{"reference_url":"https://usn.ubuntu.com/2361-1/","reference_id":"USN-2361-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2361-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1173?format=json","purl":"pkg:mozilla/Firefox%20ESR@24.8.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1174?format=json","purl":"pkg:mozilla/Firefox%20ESR@31.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@31.1.1"}],"aliases":["CVE-2014-1568"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ca9j-qrnm-eqc3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.8.1"}