4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
56.6%
Security Researcher Matt McCutchen reported that a clickjacking attack using the certificate warning page. A man-in-the-middle (MITM) attacker can use an iframe to display its own certificate error warning page (about:certerror) with the “Add Exception” button of a real warning page from a malicious site. This can mislead users to adding a certificate exception for a different site than the perceived one. This can lead to compromised communications with the user perceived site through the MITM attack once the certificate exception has been added.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 13 | |
firefox esr | lt | 10.0.6 | |
seamonkey | lt | 2.10 | |
thunderbird | lt | 13 | |
thunderbird esr | lt | 10.0.6 |