Описание
After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 96.0+build2-0ubuntu0.18.04.1 |
| devel | released | 96.0+build2-0ubuntu1 |
| esm-infra/focal | DNE | |
| focal | released | 96.0+build2-0ubuntu0.20.04.1 |
| hirsute | released | 96.0+build2-0ubuntu0.21.04.1 |
| impish | released | 96.0+build2-0ubuntu0.21.10.1 |
| jammy | released | 96.0+build2-0ubuntu1 |
| kinetic | released | 96.0+build2-0ubuntu1 |
| lunar | released | 96.0+build2-0ubuntu1 |
| mantic | released | 96.0+build2-0ubuntu1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| esm-apps/bionic | ignored | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| hirsute | DNE | |
| impish | DNE | |
| jammy | DNE | |
| kinetic | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| esm-apps/focal | ignored | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | ignored | |
| focal | ignored | |
| hirsute | DNE | |
| impish | DNE | |
| jammy | DNE | |
| kinetic | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | ignored | |
| focal | ignored | |
| hirsute | DNE | |
| impish | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-apps/jammy | ignored | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| hirsute | ignored | end of life |
| impish | ignored | end of life |
| jammy | ignored | |
| kinetic | ignored | end of life, was needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2:3.35-2ubuntu2.15 |
| devel | not-affected | 2:3.79-1 |
| esm-infra-legacy/trusty | not-affected | 2:3.28.4-0ubuntu0.14.04.5+esm11 |
| esm-infra/bionic | not-affected | 2:3.35-2ubuntu2.15 |
| esm-infra/focal | not-affected | 2:3.49.1-1ubuntu1.8 |
| esm-infra/xenial | released | 2:3.28.4-0ubuntu0.16.04.14+esm3 |
| focal | released | 2:3.49.1-1ubuntu1.8 |
| hirsute | ignored | end of life, was needed |
| impish | released | 2:3.68-1ubuntu1.2 |
| jammy | not-affected | 2:3.68.2-0ubuntu1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:91.5.0+build1-0ubuntu0.18.04.1 |
| devel | released | 1:91.5.0+build1-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | released | 1:91.5.0+build1-0ubuntu0.20.04.1 |
| hirsute | ignored | end of life |
| impish | released | 1:91.5.0+build1-0ubuntu0.21.10.1 |
| jammy | released | 1:91.5.0+build1-0ubuntu1 |
| kinetic | released | 1:91.5.0+build1-0ubuntu1 |
| lunar | released | 1:91.5.0+build1-0ubuntu1 |
Показывать по
Ссылки на источники
6.5 Medium
CVSS3
Связанные уязвимости
After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
After accepting an untrusted certificate, handling an empty pkcs7 sequ ...
After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с неправильной проверкой ввода пустой последовательности pkcs7, передаваемой как часть данных сертификата, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании» (DoS)
6.5 Medium
CVSS3