CVE-2015-2741

by Fred · 05/07/2015

Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled.

Date published : 2015-07-05

http://www.securityfocus.com/bid/75541

http://www.mozilla.org/security/announce/2015/mfsa2015-67.html

CVE-2015-2741

Similar

Recent Posts

Categories

CVE-2015-2741

Share this:

Similar

Recent Posts

Categories

Tags