Oval Definition:oval:org.mitre.oval:def:12254
Revision Date:2014-10-06Version:31
Title:SSL Server X.509 Certificate Spoofing Vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
Description:Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2010-3170
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Definition Synopsis
  • Mozilla Firefox and version before 3.5.14 and 3.6.x before 3.6.11
  • Mozilla Firefox Mainline release is installed
  • AND Check for vulnerable version
  • Mozilla Firefox Mainline version is before 3.5.14
  • OR Mozilla Firefox Mainline version is 3.6.x before 3.6.11
  • OR Mozilla Thunderbird and version before 3.0.9 and 3.1.x before 3.1.5
  • Mozilla Thunderbird Mainline release is installed
  • AND Thunderbird version is less than 3.0.9 or 3.1.x before 3.1.5
  • Check if Mozilla Thunderbird version is before 3.0.9
  • OR Check if Mozilla Thunderbird version is 3.1.x before 3.1.5
  • OR Mozilla Seamonkey and version less than 2.0.9
  • Mozilla Seamonkey is installed
  • AND Check if the version of Mozilla Seamonkey is less than 2.0.9
  • BACK