CVE-2014-1584

2014-10-15T06:55:06
ID CVE-2014-1584
Type cve
Reporter NVD
Modified 2016-12-21T21:59:14

Description

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user.