Vigil@nce - NSS: useless warnings
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
Applications linked to NSS can display useless warning messages,
so users get used to ignoring messages.
Impacted products: NSS, Ubuntu
Severity: 1/4
Creation date: 20/02/2015
DESCRIPTION OF THE VULNERABILITY
The NSS product offers the pkix library, which manages
certificates.
A certification chain can have several branches. However, the
pkix_List_BubbleSort() function can choose the longer branch, with
intermediate certificates signed with a weak algorithm.
Applications linked to NSS can therefore display useless warning
messages, so users get used to ignoring messages.
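As an added illustration (not NSS code and not part of the bulletin), here is a simplified model of ordering candidate branches so that a branch whose intermediates use a weak signature algorithm is tried last. The struct, the function names and the algorithm labels treated as weak are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of one candidate branch (hypothetical, not an NSS type). */
typedef struct {
    const char *name;         /* label for the branch */
    size_t      length;       /* number of certificates in the branch */
    const char *sig_algs[4];  /* signature algorithm of each intermediate */
    size_t      n_inter;      /* number of intermediates listed */
} cand_path;

/* Assumption: these two labels stand for "weak" algorithms in this example. */
static int is_weak_alg(const char *alg) {
    return strcmp(alg, "md5WithRSA") == 0 || strcmp(alg, "sha1WithRSA") == 0;
}

/* Number of intermediates in the branch signed with a weak algorithm. */
static size_t weak_count(const cand_path *p) {
    size_t n = 0;
    for (size_t i = 0; i < p->n_inter; i++)
        if (is_weak_alg(p->sig_algs[i])) n++;
    return n;
}

/* Negative if a should be tried before b: fewer weak signatures, then shorter. */
static int path_cmp(const cand_path *a, const cand_path *b) {
    size_t wa = weak_count(a), wb = weak_count(b);
    if (wa != wb) return wa < wb ? -1 : 1;
    if (a->length != b->length) return a->length < b->length ? -1 : 1;
    return 0;
}

/* Bubble sort of the candidates using the comparator above. */
void sort_paths(cand_path *v, size_t n) {
    for (size_t i = 0; i + 1 < n; i++)
        for (size_t j = 0; j + 1 < n - i; j++)
            if (path_cmp(&v[j], &v[j + 1]) > 0) {
                cand_path t = v[j]; v[j] = v[j + 1]; v[j + 1] = t;
            }
}

/* Constructed input: a longer branch with a weak intermediate, listed first. */
const char *first_choice(void) {
    cand_path v[] = {
        {"long-weak",    4, {"sha1WithRSA", "sha256WithRSA"}, 2},
        {"short-strong", 3, {"sha256WithRSA"},                1},
    };
    sort_paths(v, 2);
    return v[0].name;  /* names are string literals, valid after return */
}

int main(void) { printf("first branch tried: %s\n", first_choice()); return 0; }
```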
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/NSS-useless-warnings-16231