Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mozillaMozilla FoundationMFSA2008-17
HistoryMar 25, 2008 - 12:00 a.m.

Privacy issue with SSL Client Authentication — Mozilla

2008-03-2500:00:00
Mozilla Foundation
www.mozilla.org
12

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.04 Low

EPSS

Percentile

92.0%

JSON

Peter Brodersen and Alexander Klink independently reported that the default setting for SSL Client Authentication, automatically selecting a client certificate on behalf of the user, creates a potential privacy issue for users by allowing tracking through client certificates. For users who already have certificates some real-world identity information such as an email address or name may be available to web sites depending on the purpose of the certificate and its issuer.

CPENameOperatorVersion
firefoxlt2.0.0.13
seamonkeylt1.1.9

Related

prion 2
securityvulns 2
cve 2
ubuntucve 1
openvas 24
freebsd 1
seebug 1
nessus 19
suse 1
osv 4
debian 4
ubuntu 1
gentoo 1
prion
prion
Code injection
2007-09-13 18:17:00
Design/Logic Flaw
2008-06-02 21:30:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2008-17
2008-03-26 00:00:00
Mozilla Firefox / Seamonkey multiple security vulnerabilities
2008-03-28 00:00:00
cve
cve
CVE-2007-4879
2007-09-13 18:17:00
CVE-2008-1580
2008-06-02 21:30:00
ubuntucve
ubuntucve
CVE-2007-4879
2007-09-13 00:00:00
openvas
openvas
FreeBSD Ports: firefox
2008-09-04 00:00:00
FreeBSD Ports: firefox
2008-09-04 00:00:00
Mozilla Firefox, Thunderbird, Seamonkey: Multiple Vulnerabilities (Mar 2008) - Windows
2008-06-17 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2008-03-26 00:00:00
seebug
seebug
Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.13版本修复多个安全漏洞
2008-03-31 00:00:00
nessus
nessus
FreeBSD : mozilla -- multiple vulnerabilities (12b336c6-fe36-11dc-b09c-001c2514716c)
2008-03-31 00:00:00
openSUSE 10 Security Update : mozilla-xulrunner (mozilla-xulrunner-5163)
2008-04-22 00:00:00
openSUSE 10 Security Update : seamonkey (seamonkey-5153)
2008-04-11 00:00:00
suse
suse
remote code execution in MozillaFirefox
2008-04-04 15:01:05
osv
osv
iceape - regression
2008-03-28 00:00:00
iceweasel
2008-03-30 00:00:00
xulrunner
2008-03-27 00:00:00
debian
debian
[SECURITY] [DSA 1532-1] New xulrunner packages fix several vulnerabilities
2008-03-27 22:01:06
[SECURITY] [DSA 1534-2] New iceape packages fix regression
2008-04-24 21:02:40
[SECURITY] [DSA 1535-1] New iceweasel packages fix several vulnerabilities
2008-03-30 12:22:31
ubuntu
ubuntu
Firefox vulnerabilities
2008-03-26 00:00:00
gentoo
gentoo
Mozilla products: Multiple vulnerabilities
2008-05-20 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.04 Low

EPSS

Percentile

92.0%

JSON
Related for MFSA2008-17
prion2securityvulns2cve2ubuntucve1openvas24freebsd1seebug1nessus19suse1osv4debian4ubuntu1gentoo1