Описание
Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled.
Релиз | Статус | Примечание |
---|---|---|
devel | released | 39.0+build5-0ubuntu1 |
esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [39.0+build5-0ubuntu0.14.04.1]] |
precise | released | 39.0+build5-0ubuntu0.12.04.2 |
trusty | released | 39.0+build5-0ubuntu0.14.04.1 |
trusty/esm | DNE | trusty was released [39.0+build5-0ubuntu0.14.04.1] |
upstream | released | 39.0 |
utopic | released | 39.0+build5-0ubuntu0.14.10.1 |
vivid | released | 39.0+build5-0ubuntu0.15.04.1 |
Показывать по
Релиз | Статус | Примечание |
---|---|---|
devel | released | 1:31.8.0+build1-0ubuntu1 |
esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1:31.8.0+build1-0ubuntu0.14.04.1]] |
precise | released | 1:31.8.0+build1-0ubuntu0.12.04.1 |
trusty | released | 1:31.8.0+build1-0ubuntu0.14.04.1 |
trusty/esm | DNE | trusty was released [1:31.8.0+build1-0ubuntu0.14.04.1] |
upstream | released | 31.8 |
utopic | released | 1:31.8.0+build1-0ubuntu0.14.10.1 |
vivid | released | 1:31.8.0+build1-0ubuntu0.15.04.1 |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled.
Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled.
Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunder ...
Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled.
EPSS
4.3 Medium
CVSS2