CVE-2014-1544

Name	CVE-2014-1544
Description	Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-89-1, DSA-2986-1, DSA-2996-1, DSA-3071-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
icedove (PTS)	jessie	1:52.3.0-4~deb8u2	fixed
nss (PTS)	jessie, jessie (lts)	2:3.26-1+debu8u19	fixed
	stretch (security)	2:3.26.2-1.1+deb9u5	fixed
	stretch (lts), stretch	2:3.26.2-1.1+deb9u8	fixed
	buster, buster (lts)	2:3.42.1-1+deb10u9	fixed
	buster (security)	2:3.42.1-1+deb10u8	fixed
	bullseye	2:3.61-1+deb11u3	fixed
	bullseye (security)	2:3.61-1+deb11u4	fixed
	bookworm	2:3.87.1-1	fixed
	bookworm (security)	2:3.87.1-1+deb12u1	fixed
	trixie	2:3.105-2	fixed
	sid	2:3.106-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin
icedove	source	squeeze	(unfixed)	end-of-life
icedove	source	wheezy	24.7.0-1~deb7u1		DSA-2996-1
icedove	source	(unstable)	31.2.0-1
iceweasel	source	squeeze	(unfixed)	end-of-life
iceweasel	source	wheezy	24.7.0esr-1~deb7u1		DSA-2986-1
iceweasel	source	(unstable)	31.0-1
nss	source	squeeze	3.12.8-1+squeeze10		DLA-89-1
nss	source	wheezy	2:3.14.5-1+deb7u3		DSA-3071-1
nss	source	(unstable)	2:3.16.3-1

patch: https://hg.mozilla.org/projects/nss/rev/204f22c527f8
http://www.mozilla.org/security/announce/2014/mfsa2014-63.html