 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2016-5284 |
| Description: | Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.851395 1.3.6.1.4.1.25623.1.0.851396 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-5284 BugTraq ID: 93049 http://www.securityfocus.com/bid/93049 Debian Security Information: DSA-3674 (Google Search) http://www.debian.org/security/2016/dsa-3674 https://security.gentoo.org/glsa/201701-15 https://hackernoon.com/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95 http://seclists.org/dailydave/2016/q3/51 RedHat Security Advisories: RHSA-2016:1912 http://rhn.redhat.com/errata/RHSA-2016-1912.html http://www.securitytracker.com/id/1036852 |