Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-0812

Опубликовано: 31 мар. 2015
Источник: redhat
CVSS2: 5.1

Описание

Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain.

Отчет

This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxNot affected
Red Hat Enterprise Linux 5thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-306
https://bugzilla.redhat.com/show_bug.cgi?id=1207071Mozilla: Add-on lightweight theme installation approval bypassed through MITM attack (MFSA 2015-32)

5.1 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-0812

ubuntu
около 10 лет назад

Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain.

nvd логотип

CVE-2015-0812

nvd
около 10 лет назад

Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain.

debian логотип

CVE-2015-0812

debian
около 10 лет назад

Mozilla Firefox before 37.0 does not require an HTTPS session for ligh ...

github логотип

GHSA-xp29-g429-j593

github
около 3 лет назад

Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain.

fstec логотип

BDU:2015-09887

fstec
около 10 лет назад

Уязвимость браузера Firefox, позволяющая удалённому злоумышленнику обойти ограничения безопасности

5.1 Medium

CVSS2