Описание
The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 33.0+build2-0ubuntu0.14.10.1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [33.0+build2-0ubuntu0.14.04.1]] |
| lucid | ignored | end of life |
| precise | released | 33.0+build2-0ubuntu0.12.04.1 |
| trusty | released | 33.0+build2-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [33.0+build2-0ubuntu0.14.04.1] |
| upstream | released | 33.0 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user.
The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user.
The Public Key Pinning (PKP) implementation in Mozilla Firefox before ...
The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user.
EPSS
4.3 Medium
CVSS2