Description
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.
| Release | Status | Note |
|---|---|---|
| bionic | released | 72.0.1+build1-0ubuntu0.18.04.1 |
| devel | released | 72.0.1+build1-0ubuntu1 |
| disco | released | 72.0.1+build1-0ubuntu0.19.04.1 |
| eoan | released | 72.0.1+build1-0ubuntu0.19.10.1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | released | 72.0.1+build1-0ubuntu1 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| Release | Status | Note |
|---|---|---|
| bionic | released | 2:3.35-2ubuntu2.8 |
| devel | not-affected | 2:3.49.1-1ubuntu1 |
| disco | ignored | end of life |
| eoan | released | 2:3.45-1ubuntu2.3 |
| esm-infra-legacy/trusty | not-affected | |
| esm-infra/bionic | released | 2:3.35-2ubuntu2.8 |
| esm-infra/focal | not-affected | 2:3.49.1-1ubuntu1 |
| esm-infra/xenial | not-affected | code not compiled |
| focal | not-affected | 2:3.49.1-1ubuntu1 |
| precise/esm | not-affected | |
EPSS
CVSS2: 4.3 Medium
CVSS3: 6.5 Medium
Related vulnerabilities
Vulnerability in the HelloRetryRequest extension of the Firefox browser that allows an attacker to affect data integrity