Search for vulnerabilities
| Vulnerability ID | VCID-8yk7-za7y-9bd5 |
| Aliases |
CVE-2014-1490
|
| Summary | Mozilla developer Brian Smith and security researchers Antoine Delignat-Lavaud and Karthikeyan Bhargavan of the Prosecco research team at INRIA Paris reported issues with ticket handling in the Network Security Services (NSS) libraries. These have been addressed in the NSS 3.15.4 release, shipping on affected platforms. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 8.0 |
| Risk | 4.0 |
| Affected and Fixed Packages | Package Details |
| CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| CWE-416 | Use After Free |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1490.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2014-1490 | ||
| 1060953 | https://bugzilla.redhat.com/show_bug.cgi?id=1060953 | |
| CVE-2014-1490 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490 | |
| mfsa2014-12 | https://www.mozilla.org/en-US/security/advisories/mfsa2014-12 | |
| RHSA-2014:0917 | https://access.redhat.com/errata/RHSA-2014:0917 | |
| RHSA-2014:1246 | https://access.redhat.com/errata/RHSA-2014:1246 | |
| USN-2102-1 | https://usn.ubuntu.com/2102-1/ | |
| USN-2119-1 | https://usn.ubuntu.com/2119-1/ |
| Percentile | 0.74957 |
| EPSS Score | 0.00915 |
| Published At | July 30, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-31T08:10:45.893404+00:00 | Mozilla Importer | Import | https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2014/mfsa2014-12.md | 37.0.0 |