| Revision Date: | 2014-10-06 | Version: | 31 |
| Title: | SSL Server X.509 Certificate Spoofing Vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 |
| Description: | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. |
| Family: | windows | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2010-3170
|
| Platform(s): | Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
| Product(s): | Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
|
| Definition Synopsis |
| Mozilla Firefox and version before 3.5.14 and 3.6.x before 3.6.11 Mozilla Firefox Mainline release is installed
AND Check for vulnerable version
Mozilla Firefox Mainline version is before 3.5.14
OR Mozilla Firefox Mainline version is 3.6.x before 3.6.11
OR Mozilla Thunderbird and version before 3.0.9 and 3.1.x before 3.1.5
Mozilla Thunderbird Mainline release is installed
AND Thunderbird version is less than 3.0.9 or 3.1.x before 3.1.5
Check if Mozilla Thunderbird version is before 3.0.9
OR Check if Mozilla Thunderbird version is 3.1.x before 3.1.5
OR Mozilla Seamonkey and version less than 2.0.9
Mozilla Seamonkey is installed
AND Check if the version of Mozilla Seamonkey is less than 2.0.9
|