Описание
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 43.0.4+build3-0ubuntu1 |
| bionic | released | 43.0.4+build3-0ubuntu1 |
| cosmic | released | 43.0.4+build3-0ubuntu1 |
| devel | released | 43.0.4+build3-0ubuntu1 |
| disco | released | 43.0.4+build3-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [43.0.4+build3-0ubuntu0.14.04.1]] |
| precise | released | 43.0.4+build3-0ubuntu0.12.04.1 |
| precise/esm | DNE | precise was released [43.0.4+build3-0ubuntu0.12.04.1] |
| trusty | released | 43.0.4+build3-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [43.0.4+build3-0ubuntu0.14.04.1] |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | not-affected | 2.12.23-12ubuntu2.4 |
| precise | released | 2.12.14-5ubuntu3.11 |
| precise/esm | not-affected | 2.12.14-5ubuntu3.11 |
| trusty | released | 2.12.23-12ubuntu2.4 |
| trusty/esm | not-affected | 2.12.23-12ubuntu2.4 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 3.3.18-1ubuntu1 |
| bionic | not-affected | 3.3.18-1ubuntu1 |
| cosmic | not-affected | 3.3.18-1ubuntu1 |
| devel | not-affected | 3.3.18-1ubuntu1 |
| disco | not-affected | 3.3.18-1ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| esm-infra/bionic | not-affected | 3.3.18-1ubuntu1 |
| esm-infra/xenial | not-affected | 3.3.18-1ubuntu1 |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 2.2.1-2 |
| bionic | not-affected | 2.2.1-2 |
| cosmic | not-affected | 2.2.1-2 |
| devel | not-affected | 2.2.1-2 |
| disco | not-affected | 2.2.1-2 |
| esm-apps/bionic | not-affected | 2.2.1-2 |
| esm-apps/xenial | not-affected | 2.2.1-2 |
| esm-infra-legacy/trusty | DNE | |
| precise | DNE | |
| precise/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 2:3.21-1ubuntu2 |
| bionic | not-affected | 2:3.21-1ubuntu2 |
| cosmic | not-affected | 2:3.21-1ubuntu2 |
| devel | not-affected | 2:3.21-1ubuntu2 |
| disco | not-affected | 2:3.21-1ubuntu2 |
| esm-infra-legacy/trusty | not-affected | 2:3.19.2.1-0ubuntu0.14.04.2 |
| esm-infra/bionic | not-affected | 2:3.21-1ubuntu2 |
| esm-infra/xenial | not-affected | 2:3.21-1ubuntu2 |
| precise | released | 3.19.2.1-0ubuntu0.12.04.2 |
| precise/esm | not-affected | 3.19.2.1-0ubuntu0.12.04.2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [6b38-1.13.10-0ubuntu0.14.04.1]] |
| precise | released | 6b38-1.13.10-0ubuntu0.12.04.1 |
| precise/esm | DNE | precise was released [6b38-1.13.10-0ubuntu0.12.04.1] |
| trusty | released | 6b38-1.13.10-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [6b38-1.13.10-0ubuntu0.14.04.1] |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [7u95-2.6.4-0ubuntu0.14.04.1]] |
| precise | released | 7u95-2.6.4-0ubuntu0.12.04.1 |
| precise/esm | DNE | precise was released [7u95-2.6.4-0ubuntu0.12.04.1] |
| trusty | released | 7u95-2.6.4-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [7u95-2.6.4-0ubuntu0.14.04.1] |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 8u72-b15-1 |
| bionic | not-affected | 8u72-b15-1 |
| cosmic | not-affected | 8u72-b15-1 |
| devel | not-affected | 8u72-b15-1 |
| disco | not-affected | 8u72-b15-1 |
| esm-apps/bionic | not-affected | 8u72-b15-1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | not-affected | 8u72-b15-1 |
| precise | DNE | |
| precise/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 1.0.2e-1ubuntu1 |
| bionic | not-affected | 1.0.2e-1ubuntu1 |
| cosmic | not-affected | 1.0.2e-1ubuntu1 |
| devel | not-affected | 1.0.2e-1ubuntu1 |
| disco | not-affected | 1.0.2e-1ubuntu1 |
| esm-infra-legacy/trusty | not-affected | 1.0.1f-1ubuntu2.16 |
| esm-infra/bionic | not-affected | 1.0.2e-1ubuntu1 |
| esm-infra/xenial | not-affected | 1.0.2e-1ubuntu1 |
| precise | released | 1.0.1-4ubuntu5.33 |
| precise/esm | not-affected | 1.0.1-4ubuntu5.33 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| precise | not-affected | |
| precise/esm | DNE | precise was not-affected |
| trusty | not-affected | |
| trusty/esm | DNE | trusty was not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | trusty was needed |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 1:38.6.0+build1-0ubuntu1 |
| bionic | released | 1:38.6.0+build1-0ubuntu1 |
| cosmic | released | 1:38.6.0+build1-0ubuntu1 |
| devel | released | 1:38.6.0+build1-0ubuntu1 |
| disco | released | 1:38.6.0+build1-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1:38.6.0+build1-0ubuntu0.14.04.1]] |
| precise | released | 1:38.6.0+build1-0ubuntu0.12.04.1 |
| precise/esm | DNE | precise was released [1:38.6.0+build1-0ubuntu0.12.04.1] |
| trusty | released | 1:38.6.0+build1-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [1:38.6.0+build1-0ubuntu0.14.04.1] |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozi ...
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3