Search for vulnerabilities
Vulnerability details: VCID-mpbx-48aw-rbh2
Vulnerability ID VCID-mpbx-48aw-rbh2
Aliases CVE-2014-1544
Summary Security researchers Tyson Smith and Jesse Schwartzentruber used the Address Sanitizer tool while fuzzing to discover a use-after-free error resulting in a crash. This is a result of a pair of NSSCertificate structures being added to a trust domain and then one of them is removed while they are still in use by the trusted cache. This crash is potentially exploitable. This issue was addressed in the Network Security Services (NSS) library in version 3.16.2, shipping on affected platforms.In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
epss 0.03216 https://api.first.org/data/v1/epss?cve=CVE-2014-1544
epss 0.03216 https://api.first.org/data/v1/epss?cve=CVE-2014-1544
epss 0.03216 https://api.first.org/data/v1/epss?cve=CVE-2014-1544
epss 0.03216 https://api.first.org/data/v1/epss?cve=CVE-2014-1544
epss 0.03216 https://api.first.org/data/v1/epss?cve=CVE-2014-1544
epss 0.03216 https://api.first.org/data/v1/epss?cve=CVE-2014-1544
epss 0.03216 https://api.first.org/data/v1/epss?cve=CVE-2014-1544
epss 0.03216 https://api.first.org/data/v1/epss?cve=CVE-2014-1544
epss 0.03216 https://api.first.org/data/v1/epss?cve=CVE-2014-1544
epss 0.03216 https://api.first.org/data/v1/epss?cve=CVE-2014-1544
epss 0.03216 https://api.first.org/data/v1/epss?cve=CVE-2014-1544
epss 0.03216 https://api.first.org/data/v1/epss?cve=CVE-2014-1544
epss 0.03216 https://api.first.org/data/v1/epss?cve=CVE-2014-1544
epss 0.03216 https://api.first.org/data/v1/epss?cve=CVE-2014-1544
epss 0.03216 https://api.first.org/data/v1/epss?cve=CVE-2014-1544
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2014-63
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1544.json
https://api.first.org/data/v1/epss?cve=CVE-2014-1544
1116198 https://bugzilla.redhat.com/show_bug.cgi?id=1116198
CVE-2014-1544 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544
mfsa2014-63 https://www.mozilla.org/en-US/security/advisories/mfsa2014-63
RHSA-2014:0915 https://access.redhat.com/errata/RHSA-2014:0915
RHSA-2014:0916 https://access.redhat.com/errata/RHSA-2014:0916
RHSA-2014:0917 https://access.redhat.com/errata/RHSA-2014:0917
RHSA-2014:1165 https://access.redhat.com/errata/RHSA-2014:1165
USN-2295-1 https://usn.ubuntu.com/2295-1/
USN-2296-1 https://usn.ubuntu.com/2296-1/
USN-2343-1 https://usn.ubuntu.com/2343-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.86561
EPSS Score 0.03216
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:10:43.598816+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2014/mfsa2014-63.md 37.0.0