Mozilla Network Security Services (NSS) Library Vulnerability

["US-CERT" <US-CERT () ncas us-cert gov>]

NCCIC / US-CERT

National Cyber Awareness System:

Mozilla Network Security Services (NSS) Library Vulnerability [ 
https://www.us-cert.gov/ncas/current-activity/2014/09/24/Mozilla-Network-Security-Services-NSS-Library-Vulnerability ] 
09/24/2014 04:32 PM EDT 
Original release date: September 24, 2014

A vulnerability in the Mozilla NSS library could allow an attacker to forge an RSA signature, such as an SSL 
certificate. The package is often included in 3rd party software, including Linux distributions, Google Chrome, and 
others. It is possible that other cryptographic libraries may be similarly affected.

US-CERT recommends users and administrators review Vulnerability Note VU#772676 [ http://www.kb.cert.org/vuls/id/772676 
], Mozilla Foundation Security Advisory 2014-73 [ https://www.mozilla.org/security/announce/2014/mfsa2014-73.html ], 
and Google Stable Channel Update Blog [ http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html 
] for additional information and mitigation details.

________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

________________________________________________________________________

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ] 

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]