CVE-2014-1584

by Fred · 15/10/2014

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user.

Date published : 2014-10-15

http://www.securityfocus.com/bid/70434

http://www.mozilla.org/security/announce/2014/mfsa2014-80.html

CVE-2014-1584

Similar

Recent Posts

Categories

CVE-2014-1584

Share this:

Similar

Recent Posts

Categories

Tags