mozilla -- built-in CA certificates may be overridden

2004-06-2900:00:00

vuxml.freebsd.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.107 Low

EPSS

Percentile

95.0%

JSON

Under some situations, Mozilla will automatically import
a certificate from an email message or web site. This
behavior can be used as a denial-of-service attack: if the
certificate has a distinguished name (DN) identical to one
of the built-in Certificate Authorities (CAs), then Mozilla
will no longer be able to certify sites with certificates
issued from that CA.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfirefox< 0.9.3UNKNOWN
FreeBSDanynoarchlinux-mozilla< 1.7.2UNKNOWN
FreeBSDanynoarchlinux-mozilla-devel< 1.7.2UNKNOWN
FreeBSDanynoarchmozilla< 1.7.2,2UNKNOWN
FreeBSDanynoarchmozilla-gtk1< 1.7.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	firefox	< 0.9.3	UNKNOWN
FreeBSD	any	noarch	linux-mozilla	< 1.7.2	UNKNOWN
FreeBSD	any	noarch	linux-mozilla-devel	< 1.7.2	UNKNOWN
FreeBSD	any	noarch	mozilla	< 1.7.2,2	UNKNOWN
FreeBSD	any	noarch	mozilla-gtk1	< 1.7.2	UNKNOWN