Search for vulnerabilities
| Vulnerability ID | VCID-hn37-qn3a-k3hz |
| Aliases |
CVE-2014-1492
|
| Summary | Security researcher Christian Heimes reported that the Network Security Services (NSS) library does not handle IDNA domain prefixes according to RFC 6125 for wildcard certificates. This leads to improper wildcard matching of domains when they should not be matched in compliance with the specification. This issue was fixed in NSS version 3.16. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 0.0 |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| CWE-172 | Encoding Error |
| CWE-697 | Incorrect Comparison |
| CWE-295 | Improper Certificate Validation |
| System | Score | Found at |
|---|---|---|
| epss | 0.00852 | https://api.first.org/data/v1/epss?cve=CVE-2014-1492 |
| epss | 0.00852 | https://api.first.org/data/v1/epss?cve=CVE-2014-1492 |
| epss | 0.00852 | https://api.first.org/data/v1/epss?cve=CVE-2014-1492 |
| epss | 0.00852 | https://api.first.org/data/v1/epss?cve=CVE-2014-1492 |
| epss | 0.00852 | https://api.first.org/data/v1/epss?cve=CVE-2014-1492 |
| epss | 0.00852 | https://api.first.org/data/v1/epss?cve=CVE-2014-1492 |
| epss | 0.00852 | https://api.first.org/data/v1/epss?cve=CVE-2014-1492 |
| epss | 0.00852 | https://api.first.org/data/v1/epss?cve=CVE-2014-1492 |
| epss | 0.00852 | https://api.first.org/data/v1/epss?cve=CVE-2014-1492 |
| epss | 0.00852 | https://api.first.org/data/v1/epss?cve=CVE-2014-1492 |
| epss | 0.00852 | https://api.first.org/data/v1/epss?cve=CVE-2014-1492 |
| epss | 0.00852 | https://api.first.org/data/v1/epss?cve=CVE-2014-1492 |
| epss | 0.00852 | https://api.first.org/data/v1/epss?cve=CVE-2014-1492 |
| generic_textual | none | https://www.mozilla.org/en-US/security/advisories/mfsa2014-45 |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1492.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2014-1492 | ||
| 1079851 | https://bugzilla.redhat.com/show_bug.cgi?id=1079851 | |
| CVE-2014-1492 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492 | |
| mfsa2014-45 | https://www.mozilla.org/en-US/security/advisories/mfsa2014-45 | |
| RHSA-2014:0917 | https://access.redhat.com/errata/RHSA-2014:0917 | |
| RHSA-2014:1073 | https://access.redhat.com/errata/RHSA-2014:1073 | |
| RHSA-2014:1246 | https://access.redhat.com/errata/RHSA-2014:1246 | |
| USN-2159-1 | https://usn.ubuntu.com/2159-1/ | |
| USN-2185-1 | https://usn.ubuntu.com/2185-1/ |
| Percentile | 0.73991 |
| EPSS Score | 0.00852 |
| Published At | July 30, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-31T08:10:45.566165+00:00 | Mozilla Importer | Import | https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2014/mfsa2014-45.md | 37.0.0 |