Mozilla Foundation Security Advisory 2014-18

crypto.generateCRMFRequest does not validate type of key

Announced: March 18, 2014
Reporter: David Keeler
Impact: Low
Products: Firefox, SeaMonkey
Fixed in:
  • Firefox 28
  • SeaMonkey 2.25

Description

Mozilla developer David Keeler reported that the crypto.generateCRMFRequest method did not correctly validate the key type of the KeyParams argument when generating ec-dual-use requests. This could lead to a crash and a denial-of-service (DoS) attack.
