Secunia
Login
|
|
CVE Reference: CVE-2010-3170 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2010-3170 |
|
|
Description: Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. |
|
|
CVE Status: Candidate |
|
|
References: UBUNTU http://www.ubuntu.com/usn/USN-1007-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html SAID Secunia Advisory: SA41839 Secunia Advisory: SA42867 REDHAT http://www.redhat.com/support/errata/RHSA-2010-0782.html http://www.redhat.com/support/errata/RHSA-2010-0781.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12254 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2010:210 DEBIAN http://www.debian.org/security/2010/dsa-2123 CONFIRM http://support.avaya.com/css/P8/documents/100120156 http://support.avaya.com/css/P8/documents/100114250 http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://www.mozilla.org/security/announce/2010/mfsa2010-70.html |
|
| Return to the previous page. |
