Описание
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 3.12.3.1-0ubuntu1 |
| hardy | released | 3.12.3.1-0ubuntu0.8.04.1 |
| intrepid | released | 3.12.3.1-0ubuntu0.8.10.1 |
| jaunty | released | 3.12.3.1-0ubuntu0.9.04.1 |
| upstream | released | 3.12.3.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | |
| devel | not-affected | |
| hardy | not-affected | |
| intrepid | not-affected | |
| jaunty | not-affected | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | |
| hardy | not-affected | |
| intrepid | not-affected | |
| jaunty | not-affected | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | |
| hardy | not-affected | |
| intrepid | not-affected | |
| jaunty | not-affected | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | not-affected | |
| upstream | needs-triage |
Показывать по
EPSS
6.8 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before ...
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
ELSA-2009-1186: nspr and nss security, bug fix, and enhancement update (CRITICAL)
EPSS
6.8 Medium
CVSS2
5.9 Medium
CVSS3