7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.5%
Mozilla cryptographer Nelson Bolyard reported that the SSL implementation was permitting servers to use Diffie-Hellman Ephemeral mode (DHE) with too short of a minimum key length. DHE keys of such lengths are trivially breakable on modern hardware so SSL servers operating in this mode were providing very little effective security for their clients.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 3.5.14 | |
firefox | lt | 3.6.11 | |
seamonkey | lt | 2.0.9 | |
thunderbird | lt | 3.0.9 | |
thunderbird | lt | 3.1.5 |