Описание
Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 35.0+build3-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [35.0+build3-0ubuntu0.14.04.2]] |
| lucid | ignored | end of life |
| precise | released | 35.0+build3-0ubuntu0.12.04.2 |
| trusty | released | 35.0+build3-0ubuntu0.14.04.2 |
| trusty/esm | DNE | trusty was released [35.0+build3-0ubuntu0.14.04.2] |
| upstream | released | 35.0 |
| utopic | released | 35.0+build3-0ubuntu0.14.10.2 |
Показывать по
4.3 Medium
CVSS2
Связанные уязвимости
Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate.
Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate.
Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider ...
Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate.
4.3 Medium
CVSS2