Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-5284

Опубликовано: 22 сент. 2016
Источник: debian
EPSS Низкий

Описание

Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefoxfixed49.0-1package
firefox-esrfixed45.4.0esr-1package

Примечания

  • https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/

  • https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/

EPSS

Процентиль: 63%
0.00462
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2016-5284

CVSS3: 7.4
ubuntu
почти 9 лет назад

Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.

redhat логотип

CVE-2016-5284

CVSS3: 7.4
redhat
почти 9 лет назад

Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.

nvd логотип

CVE-2016-5284

CVSS3: 7.4
nvd
почти 9 лет назад

Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.

github логотип

GHSA-2fqh-hxv3-hqmx

CVSS3: 7.4
github
больше 3 лет назад

Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.

fstec логотип

BDU:2021-04197

CVSS3: 7.4
fstec
почти 9 лет назад

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю подделывать обновления надстроек

EPSS

Процентиль: 63%
0.00462
Низкий