CVE-2008-2809

by Fred · 08/07/2008

Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

Date published : 2008-07-08

http://www.securityfocus.com/bid/30038

http://www.securityfocus.com/archive/1/483929/100/100/threaded

CVE-2008-2809

Similar

Recent Posts

Categories

CVE-2008-2809

Share this:

Similar

Recent Posts

Categories

Tags