CVE-2014-1498

CVE Database · CVE-2014-1498

CVE-2014-1498

· N/AModified

CVSS v3.1

N/A

EPSS

1.78%

Published

Mar 19, 2014

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.

Weaknesses (CWE)

CWE-347

Affected Products (10)

suse · linux_enterprise_desktopvulnerable

suse · linux_enterprise_servervulnerable

suse · linux_enterprise_software_development_kitvulnerable

oracle · solarisvulnerable

opensuse · opensusevulnerable

opensuse_project · opensusevulnerable

mozilla · seamonkey (up to 2.25)vulnerable

mozilla · firefox

References (16)