Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2013-6673

Опубликовано: 11 дек. 2013
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 4.3
CVSS3: 5.9

Описание

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.

РелизСтатусПримечание
devel

not-affected

lucid

ignored

end of life
precise

released

26.0+build2-0ubuntu0.12.04.2
quantal

released

26.0+build2-0ubuntu0.12.10.2
raring

released

26.0+build2-0ubuntu0.13.04.2
saucy

released

26.0+build2-0ubuntu0.13.10.2
upstream

released

26.0

Показывать по

РелизСтатусПримечание
devel

released

1:24.2.0+build1-0ubuntu1
lucid

ignored

end of life
precise

released

1:24.2.0+build1-0ubuntu0.12.04.1
quantal

released

1:24.2.0+build1-0ubuntu0.12.10.1
raring

released

1:24.2.0+build1-0ubuntu0.13.04.1
saucy

released

1:24.2.0+build1-0ubuntu0.13.10.1
upstream

released

24.2.0

Показывать по

Ссылки на источники

EPSS

Процентиль: 67%
0.00545
Низкий

4.3 Medium

CVSS2

5.9 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2013-6673

redhat
около 12 лет назад

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.

nvd логотип

CVE-2013-6673

CVSS3: 5.9
nvd
около 12 лет назад

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.

debian логотип

CVE-2013-6673

CVSS3: 5.9
debian
около 12 лет назад

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird ...

github логотип

GHSA-7xx5-x9cc-jpwq

CVSS3: 5.9
github
больше 3 лет назад

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.

EPSS

Процентиль: 67%
0.00545
Низкий

4.3 Medium

CVSS2

5.9 Medium

CVSS3