CVE-2009-2408

by Fred · 30/07/2009

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a ‘’ character in a domain name in the subject’s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.

Date published : 2009-07-30

http://www.mozilla.org/security/announce/2009/mfsa2009-42.html

http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h

CVE-2009-2408

Similar

Recent Posts

Categories

CVE-2009-2408

Share this:

Similar

Recent Posts

Categories

Tags