| Description: | Mozilla NSS was updated to version 3.16.5 to fix a RSA certificate forgeryissue.MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcherat Inria Paris in team Prosecco, reported an issue in Network SecurityServices (NSS) libraries affecting all versions. He discovered that NSS isvulnerable to a variant of a signature forgery attack previously publishedby Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 valuesinvolved in a signature and could lead to the forging of RSA certificates.The Advanced Threat Research team at Intel Security also independentlydiscovered and reported this issue.Security Issues: * CVE-2014-1568 |