
Test ID: 1.3.6.1.4.1.25623.1.0.802100
Category: General
Title: Mozilla Firefox SSL Certificate Spoofing Vulnerability (Windows)
Summary: The host has Mozilla Firefox installed and is prone to an SSL certificate spoofing vulnerability.
Description:

Vulnerability Insight:
The flaw is due to improper handling of validation/revalidation of
SSL certificates. When the browser is reloaded and the page is visited again,
the untrusted connection warning appears but incorrectly indicates that the
site provides a valid, verified certificate, and there is no way to confirm the
exception.

Vulnerability Impact:
Successful exploitation will allow remote attackers to perform
phishing-style attacks by bypassing security warnings when invalid certificates
are used in SSL HTTP connections.

Affected Software/OS:
Mozilla Firefox versions 4.0.x through 4.0.1

Solution:
No known solution was made available for at least one year
since the disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable the respective
features, remove the product, or replace the product with another one.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: BugTraq ID: 48064
Common Vulnerability Exposure (CVE) ID: CVE-2011-0082
http://www.securityfocus.com/bid/48064
http://openwall.com/lists/oss-security/2011/05/31/4
http://openwall.com/lists/oss-security/2011/05/31/14
http://openwall.com/lists/oss-security/2011/05/31/18
http://openwall.com/lists/oss-security/2011/05/31/9
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14145
Copyright: Copyright (c) 2011 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.