The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

The cert_TestHostName function in lib/certdb/certdb.c in the certifica ...

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

ELSA-2014-1073: nss, nss-util, nss-softokn security, bug fix, and enhancement update (LOW)

Уязвимость программного обеспечения SeaMonkey, позволяющая удаленному злоумышленнику нарушить защищаемой информации

Уязвимость браузера Firefox, позволяющая удаленному злоумышленнику нарушить целостность защищаемой информации

ELSA-2014-1246: nss and nspr security, bug fix, and enhancement update (MODERATE)

ELSA-2014-0917: nss and nspr security, bug fix, and enhancement update (CRITICAL)