Description
Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain.
Release | Status | Note |
---|---|---|
devel | released | 37.0+build2-0ubuntu1 |
esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [37.0+build2-0ubuntu0.14.04.1]] |
lucid | ignored | end of life |
precise | released | 37.0+build2-0ubuntu0.12.04.1 |
trusty | released | 37.0+build2-0ubuntu0.14.04.1 |
trusty/esm | DNE | trusty was released [37.0+build2-0ubuntu0.14.04.1] |
upstream | released | 37.0 |
utopic | released | 37.0+build2-0ubuntu0.14.10.1 |
EPSS
CVSS2: 4.3 Medium
Related vulnerabilities
Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain.
Firefox browser vulnerability that allows a remote attacker to bypass security restrictions