Lucene search
HistoryFeb 25, 2015 - 11:59 a.m.
CVE-2015-0832
mozilla firefox
cve-2015-0832
hpkp
hsts
security vulnerability
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
9 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
58.9%
Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.509 certificate for a domain with this character.
Affected configurations
Node
opensuseopensuseMatch13.1
ORopensuseopensuseMatch13.2
Node
canonicalubuntu_linuxMatch12.04lts
ORcanonicalubuntu_linuxMatch14.04lts
ORcanonicalubuntu_linuxMatch14.10
Node
mozillafirefoxRange≤35.0.1
ORmozillafirefoxMatch0.1
ORmozillafirefoxMatch0.2
ORmozillafirefoxMatch0.3
ORmozillafirefoxMatch0.4
ORmozillafirefoxMatch0.5
ORmozillafirefoxMatch0.6
ORmozillafirefoxMatch0.6.1
ORmozillafirefoxMatch0.7
ORmozillafirefoxMatch0.7.1
ORmozillafirefoxMatch0.8
ORmozillafirefoxMatch0.9
ORmozillafirefoxMatch0.9rc
ORmozillafirefoxMatch0.9.1
ORmozillafirefoxMatch0.9.2
ORmozillafirefoxMatch0.9.3
ORmozillafirefoxMatch0.10
ORmozillafirefoxMatch0.10.1
ORmozillafirefoxMatch1.0
ORmozillafirefoxMatch1.0preview_release
ORmozillafirefoxMatch1.0.1
ORmozillafirefoxMatch1.0.2
ORmozillafirefoxMatch1.0.3
ORmozillafirefoxMatch1.0.4
ORmozillafirefoxMatch1.0.5
ORmozillafirefoxMatch1.0.6
ORmozillafirefoxMatch1.0.7
ORmozillafirefoxMatch1.0.8
ORmozillafirefoxMatch1.4.1
ORmozillafirefoxMatch1.5
ORmozillafirefoxMatch1.5beta1
ORmozillafirefoxMatch1.5beta2
ORmozillafirefoxMatch1.5.0.1
ORmozillafirefoxMatch1.5.0.2
ORmozillafirefoxMatch1.5.0.3
ORmozillafirefoxMatch1.5.0.4
ORmozillafirefoxMatch1.5.0.5
ORmozillafirefoxMatch1.5.0.6
ORmozillafirefoxMatch1.5.0.7
ORmozillafirefoxMatch1.5.0.8
ORmozillafirefoxMatch1.5.0.9
ORmozillafirefoxMatch1.5.0.10
ORmozillafirefoxMatch1.5.0.11
ORmozillafirefoxMatch1.5.0.12
ORmozillafirefoxMatch1.5.1
ORmozillafirefoxMatch1.5.2
ORmozillafirefoxMatch1.5.3
ORmozillafirefoxMatch1.5.4
ORmozillafirefoxMatch1.5.5
ORmozillafirefoxMatch1.5.6
ORmozillafirefoxMatch1.5.7
ORmozillafirefoxMatch1.5.8
ORmozillafirefoxMatch1.8
ORmozillafirefoxMatch2.0
ORmozillafirefoxMatch2.0.0.1
ORmozillafirefoxMatch2.0.0.2
ORmozillafirefoxMatch2.0.0.3
ORmozillafirefoxMatch2.0.0.4
ORmozillafirefoxMatch2.0.0.5
ORmozillafirefoxMatch2.0.0.6
ORmozillafirefoxMatch2.0.0.7
ORmozillafirefoxMatch2.0.0.8
ORmozillafirefoxMatch2.0.0.9
ORmozillafirefoxMatch2.0.0.10
ORmozillafirefoxMatch2.0.0.11
ORmozillafirefoxMatch2.0.0.12
ORmozillafirefoxMatch2.0.0.13
ORmozillafirefoxMatch2.0.0.14
ORmozillafirefoxMatch2.0.0.15
ORmozillafirefoxMatch2.0.0.16
ORmozillafirefoxMatch2.0.0.17
ORmozillafirefoxMatch2.0.0.18
ORmozillafirefoxMatch2.0.0.19
ORmozillafirefoxMatch2.0.0.20
ORmozillafirefoxMatch3.0
ORmozillafirefoxMatch3.0.1
ORmozillafirefoxMatch3.0.2
ORmozillafirefoxMatch3.0.3
ORmozillafirefoxMatch3.0.4
ORmozillafirefoxMatch3.0.5
ORmozillafirefoxMatch3.0.6
ORmozillafirefoxMatch3.0.7
ORmozillafirefoxMatch3.0.8
ORmozillafirefoxMatch3.0.9
ORmozillafirefoxMatch3.0.10
ORmozillafirefoxMatch3.0.11
ORmozillafirefoxMatch3.0.12
ORmozillafirefoxMatch3.0.13
ORmozillafirefoxMatch3.0.14
ORmozillafirefoxMatch3.0.15
ORmozillafirefoxMatch3.0.16
ORmozillafirefoxMatch3.0.17
ORmozillafirefoxMatch3.0.18
ORmozillafirefoxMatch3.0.19
ORmozillafirefoxMatch3.5
ORmozillafirefoxMatch3.5.1
ORmozillafirefoxMatch3.5.2
ORmozillafirefoxMatch3.5.3
ORmozillafirefoxMatch3.5.4
ORmozillafirefoxMatch3.5.5
ORmozillafirefoxMatch3.5.6
ORmozillafirefoxMatch3.5.7
ORmozillafirefoxMatch3.5.8
ORmozillafirefoxMatch3.5.9
ORmozillafirefoxMatch3.5.10
ORmozillafirefoxMatch3.5.11
ORmozillafirefoxMatch3.5.12
ORmozillafirefoxMatch3.5.13
ORmozillafirefoxMatch3.5.14
ORmozillafirefoxMatch3.5.15
ORmozillafirefoxMatch3.5.16
ORmozillafirefoxMatch3.5.17
ORmozillafirefoxMatch3.5.18
ORmozillafirefoxMatch3.5.19
ORmozillafirefoxMatch3.6
ORmozillafirefoxMatch3.6.2
ORmozillafirefoxMatch3.6.3
ORmozillafirefoxMatch3.6.4
ORmozillafirefoxMatch3.6.6
ORmozillafirefoxMatch3.6.7
ORmozillafirefoxMatch3.6.8
ORmozillafirefoxMatch3.6.9
ORmozillafirefoxMatch3.6.10
ORmozillafirefoxMatch3.6.11
ORmozillafirefoxMatch3.6.12
ORmozillafirefoxMatch3.6.13
ORmozillafirefoxMatch3.6.14
ORmozillafirefoxMatch3.6.15
ORmozillafirefoxMatch3.6.16
ORmozillafirefoxMatch3.6.17
ORmozillafirefoxMatch3.6.18
ORmozillafirefoxMatch3.6.19
ORmozillafirefoxMatch3.6.20
ORmozillafirefoxMatch3.6.21
ORmozillafirefoxMatch3.6.22
ORmozillafirefoxMatch3.6.23
ORmozillafirefoxMatch3.6.24
ORmozillafirefoxMatch3.6.25
ORmozillafirefoxMatch3.6.26
ORmozillafirefoxMatch3.6.27
ORmozillafirefoxMatch3.6.28
ORmozillafirefoxMatch4.0
ORmozillafirefoxMatch4.0beta1
ORmozillafirefoxMatch4.0beta10
ORmozillafirefoxMatch4.0beta11
ORmozillafirefoxMatch4.0beta12
ORmozillafirefoxMatch4.0beta2
ORmozillafirefoxMatch4.0beta3
ORmozillafirefoxMatch4.0beta4
ORmozillafirefoxMatch4.0beta5
ORmozillafirefoxMatch4.0beta6
ORmozillafirefoxMatch4.0beta7
ORmozillafirefoxMatch4.0beta8
ORmozillafirefoxMatch4.0beta9
ORmozillafirefoxMatch4.0.1
ORmozillafirefoxMatch5.0
ORmozillafirefoxMatch5.0.1
ORmozillafirefoxMatch6.0
ORmozillafirefoxMatch6.0.1
ORmozillafirefoxMatch6.0.2
ORmozillafirefoxMatch7.0
ORmozillafirefoxMatch7.0.1
ORmozillafirefoxMatch8.0
ORmozillafirefoxMatch8.0.1
ORmozillafirefoxMatch9.0
ORmozillafirefoxMatch9.0.1
ORmozillafirefoxMatch10.0
ORmozillafirefoxMatch10.0.1
ORmozillafirefoxMatch10.0.2
ORmozillafirefoxMatch10.0.3
ORmozillafirefoxMatch10.0.4
ORmozillafirefoxMatch10.0.5
ORmozillafirefoxMatch10.0.6
ORmozillafirefoxMatch10.0.7
ORmozillafirefoxMatch10.0.8
ORmozillafirefoxMatch10.0.9
ORmozillafirefoxMatch10.0.10
ORmozillafirefoxMatch10.0.11
ORmozillafirefoxMatch10.0.12
ORmozillafirefoxMatch11.0
ORmozillafirefoxMatch12.0
ORmozillafirefoxMatch12.0beta6
ORmozillafirefoxMatch13.0
ORmozillafirefoxMatch13.0.1
ORmozillafirefoxMatch14.0
ORmozillafirefoxMatch14.0.1
ORmozillafirefoxMatch15.0
ORmozillafirefoxMatch15.0.1
ORmozillafirefoxMatch16.0
ORmozillafirefoxMatch16.0.1
ORmozillafirefoxMatch16.0.2
ORmozillafirefoxMatch17.0
ORmozillafirefoxMatch17.0.1
ORmozillafirefoxMatch17.0.2
ORmozillafirefoxMatch17.0.3
ORmozillafirefoxMatch17.0.4
ORmozillafirefoxMatch17.0.5
ORmozillafirefoxMatch17.0.6
ORmozillafirefoxMatch17.0.7
ORmozillafirefoxMatch17.0.8
ORmozillafirefoxMatch17.0.9
ORmozillafirefoxMatch17.0.10
ORmozillafirefoxMatch17.0.11
ORmozillafirefoxMatch18.0
ORmozillafirefoxMatch18.0.1
ORmozillafirefoxMatch18.0.2
ORmozillafirefoxMatch19.0
ORmozillafirefoxMatch19.0.1
ORmozillafirefoxMatch19.0.2
ORmozillafirefoxMatch20.0
ORmozillafirefoxMatch20.0.1
ORmozillafirefoxMatch21.0
ORmozillafirefoxMatch22.0
ORmozillafirefoxMatch23.0
ORmozillafirefoxMatch23.0.1
ORmozillafirefoxMatch24.0
ORmozillafirefoxMatch24.1
ORmozillafirefoxMatch24.1.1
ORmozillafirefoxMatch25.0
ORmozillafirefoxMatch25.0.1
ORmozillafirefoxMatch26.0
ORmozillafirefoxMatch27.0
ORmozillafirefoxMatch27.0.1
ORmozillafirefoxMatch28.0
ORmozillafirefoxMatch29.0
ORmozillafirefoxMatch29.0.1
ORmozillafirefoxMatch30.0
ORmozillafirefoxMatch31.0
ORmozillafirefoxMatch31.1.0
ORmozillafirefoxMatch32.0
ORmozillafirefoxMatch33.0
ORmozillafirefoxMatch34.0.5
| CPE | Name | Operator | Version |
|---|---|---|---|
| opensuse:opensuse | opensuse | eq | 13.1 |
| opensuse:opensuse | opensuse | eq | 13.2 |
References
lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
lists.opensuse.org/opensuse-updates/2015-03/msg00067.html
www.mozilla.org/security/announce/2015/mfsa2015-13.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.securityfocus.com/bid/72752
www.ubuntu.com/usn/USN-2505-1
bugzilla.mozilla.org/show_bug.cgi?id=1065909
security.gentoo.org/glsa/201504-01
Related
nvd
nvd
CVE-2015-0832
2015-02-25 11:59:12
prion
prion
Design/Logic Flaw
2015-02-25 11:59:00
ubuntucve
ubuntucve
CVE-2015-0832
2015-02-25 00:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2015-13) - Linux
2021-11-11 00:00:00
Ubuntu: Security Advisory (USN-2505-1)
2015-02-26 00:00:00
Mageia: Security Advisory (MGASA-2015-0126)
2022-01-28 00:00:00
cvelist
cvelist
CVE-2015-0832
2015-02-25 11:00:00
mozilla
mozilla
Appended period to hostnames can bypass HPKP and HSTS protections — Mozilla
2015-02-24 00:00:00
archlinux
archlinux
firefox: multiple issues
2015-02-25 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Firefox regression (USN-2505-2)
2015-03-10 00:00:00
Firefox < 36.0 Multiple Vulnerabilities (Mac OS X)
2015-02-25 00:00:00
Mozilla Firefox ESR < 31.5 Multiple Vulnerabilities
2019-11-06 00:00:00
mageia
mageia
Updated iceape packages fix security vulnerabilities
2015-04-03 16:11:23
ubuntu
ubuntu
Firefox vulnerabilities
2015-02-25 00:00:00
Firefox regression
2015-03-09 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-02-24 00:00:00
kaspersky
kaspersky
KLA10464 Multiple vulnerabilities in Mozilla products
2015-02-24 00:00:00
suse
suse
Security update for MozillaFirefox, mozilla-nss (important)
2015-03-01 11:04:54
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-03-22 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
9 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
58.9%
Related for CVE-2015-0832