
Forum Thread: Mozilla Firefox NSS Certificate IP Address Wildcard Matching Vuln...


This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
Mozilla Firefox NSS Certificate IP Address Wildcard Matching Vulnerability

Secunia Mozilla Firefox NSS Certificate IP Address Wildcard Matching Vulnerability
Secunia Official 22nd Sep, 2010 01:37
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
A vulnerability has been reported in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing attacks.

The vulnerability is caused due to the use of vulnerable Network Security Services (NSS) code.

For more information:
SA41237

Anthony Wells RE: Mozilla Firefox NSS Certificate IP Address Wildcard Matching Vulnerability
Expert Contributor 26th Sep, 2010 12:20
Score: 2437
Posts: 3,327
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

This vulnerability is not patched by version 3.6.10, which was/is only a stability/bug fix for version 3.6.9.

Anthony

--


It always seems impossible until it's done.
Nelson Mandela
Was this reply relevant?
+7
-0

palisade RE: Mozilla Firefox NSS Certificate IP Address Wildcard Matching Vulnerability
Member 4th Oct, 2010 18:57
Score: 37
Posts: 16
User Since: 26th Feb 2010
System Score: N/A
Location: US
Last edited on 4th Oct, 2010 18:57
Confirmed that this was not fixed in 3.6.10; it only contained a blocklist update and a startup crash fix:

https://bugzilla.mozilla.org/buglist.cgi?quicksear...

---snip---

The Mozilla team has a fix for it already completed though:
https://bugzilla.mozilla.org/show_bug.cgi?id=59530...

Wan-Teh Chang 2010-09-10 12:53:15 PDT
mozilla-central is using NSS_3_12_8_BETA2. I'd like to
update to NSS_3_12_8_BETA3. I summarize the changes between
Beta 2 and Beta 3 below for Mozilla drivers.

Bug fixes of interest to Mozilla:
- Bug 578697: (CVE-2010-3170) Browser Wildcard Certificate Validation Issue
...[truncated the remaining bug fixes for readability]...

---snip---

I have confirmed with the developers via Mozilla's IRC server that 3.6.11 will contain a patch to solve this particular vulnerability.

Hope this helps someone.
Was this reply relevant?
+6
-0
flashbacknl RE: Mozilla Firefox NSS Certificate IP Address Wildcard Matching Vulnerability
Member 20th Oct, 2010 02:38
Score: 2
Posts: 1
User Since: 20th Oct 2010
System Score: N/A
Location: NL
Last edited on 20th Oct, 2010 02:38
Firefox 3.6.11 got released; advisory can be changed to patched.
Was this reply relevant?
+2
-0
DHC-22 RE: Mozilla Firefox NSS Certificate IP Address Wildcard Matching Vulnerability
Member 21st Oct, 2010 18:21
Score: 9
Posts: 20
User Since: 10th Jun 2010
System Score: N/A
Location: US
The Firefox add-on, Verify Redirect: will this help combat the cross-scripting?
And having Java uninstalled? And Flash turned off?

- David
Was this reply relevant?
+0
-1

