CVE-2008-2809 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-2809
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-2809

Description: Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/43524 UBUNTU http://www.ubuntu.com/usn/usn-619-1 http://www.ubuntu.com/usn/usn-629-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 ST 1018979 1020419 SREASON http://securityreason.com/securityalert/3498 SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152 SAID Secunia Advisory: SA34501 Secunia Advisory: SA30911 Secunia Advisory: SA30878 Secunia Advisory: SA30898 Secunia Advisory: SA30903 Secunia Advisory: SA30949 Secunia Advisory: SA31005 Secunia Advisory: SA31008 Secunia Advisory: SA31069 Secunia Advisory: SA31023 Secunia Advisory: SA31183 Secunia Advisory: SA31195 Secunia Advisory: SA31220 Secunia Advisory: SA31253 Secunia Advisory: SA31377 Secunia Advisory: SA31286 Secunia Advisory: SA31403 Secunia Advisory: SA31021 Secunia Advisory: SA33433 REDHAT http://rhn.redhat.com/errata/RHSA-2008-0616.html http://www.redhat.com/support/errata/RHSA-2008-0547.html http://www.redhat.com/support/errata/RHSA-2008-0549.html http://www.redhat.com/support/errata/RHSA-2008-0569.html MISC http://nils.toedtmann.net/pub/subjectAltName.txt MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:155 http://www.mandriva.com/security/advisories?name=MDVSA-2008:136 GENTOO http://security.gentoo.org/glsa/glsa-200808-03.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1621 http://www.debian.org/security/2009/dsa-1697 http://www.debian.org/security/2008/dsa-1615 http://www.debian.org/security/2008/dsa-1607 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0216 http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15 http://www.mozilla.org/security/announce/2008/mfsa2008-31.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/494080/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/483937/100/100/threaded http://www.securityfocus.com/archive/1/archive/1/483960/100/100/threaded http://www.securityfocus.com/archive/1/archive/1/483929/100/100/threaded BID 30038

Return to the previous page.