The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate.

Published : 2013-11-18 05:23 Updated : 2018-10-09 19:34

CVSS Score More info
Score 5.8 / 10
Vendor Product Version URI
Mozilla Network Security Services 3.15.1 cpe:/a:mozilla:network_security_services:3.15.1
Mozilla Network Security Services 3.15 cpe:/a:mozilla:network_security_services:3.15
Mozilla Network Security Services 3.15.2 cpe:/a:mozilla:network_security_services:3.15.2
  1. Mozilla (1) Search CVE
    1. Network Security Services (3) Search CVE
      1. 3.15.1
      2. 3.15
      3. 3.15.2


ID Name Description Links
CWE-264 Permissions, Privileges, and Access Controls Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control. CVE