Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2015-2741

Опубликовано: 06 июл. 2015
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3

Описание

Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled.

РелизСтатусПримечание
devel

released

39.0+build5-0ubuntu1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [39.0+build5-0ubuntu0.14.04.1]]
precise

released

39.0+build5-0ubuntu0.12.04.2
trusty

released

39.0+build5-0ubuntu0.14.04.1
trusty/esm

DNE

trusty was released [39.0+build5-0ubuntu0.14.04.1]
upstream

released

39.0
utopic

released

39.0+build5-0ubuntu0.14.10.1
vivid

released

39.0+build5-0ubuntu0.15.04.1

Показывать по

РелизСтатусПримечание
devel

released

1:31.8.0+build1-0ubuntu1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [1:31.8.0+build1-0ubuntu0.14.04.1]]
precise

released

1:31.8.0+build1-0ubuntu0.12.04.1
trusty

released

1:31.8.0+build1-0ubuntu0.14.04.1
trusty/esm

DNE

trusty was released [1:31.8.0+build1-0ubuntu0.14.04.1]
upstream

released

31.8
utopic

released

1:31.8.0+build1-0ubuntu0.14.10.1
vivid

released

1:31.8.0+build1-0ubuntu0.15.04.1

Показывать по

EPSS

Процентиль: 67%
0.00562
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

redhat
около 10 лет назад

Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled.

nvd
около 10 лет назад

Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled.

debian
около 10 лет назад

Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunder ...

github
около 3 лет назад

Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled.

oracle-oval
около 10 лет назад

ELSA-2015-1455: thunderbird security update (IMPORTANT)

EPSS

Процентиль: 67%
0.00562
Низкий

4.3 Medium

CVSS2