Lucene search
PRIOn knowledge basePRION:CVE-2015-0832HistoryFeb 25, 2015 - 11:59 a.m.
Design/Logic Flaw
2015-02-2511:59:00
PRIOn knowledge base
www.prio-n.com
6
Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.509 certificate for a domain with this character.
References
lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
lists.opensuse.org/opensuse-updates/2015-03/msg00067.html
www.mozilla.org/security/announce/2015/mfsa2015-13.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.securityfocus.com/bid/72752
www.ubuntu.com/usn/USN-2505-1
bugzilla.mozilla.org/show_bug.cgi?id=1065909
security.gentoo.org/glsa/201504-01
Related
nvd
nvd
CVE-2015-0832
2015-02-25 11:59:12
ubuntucve
ubuntucve
CVE-2015-0832
2015-02-25 00:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2015-13) - Linux
2021-11-11 00:00:00
Ubuntu: Security Advisory (USN-2505-1)
2015-02-26 00:00:00
Mageia: Security Advisory (MGASA-2015-0126)
2022-01-28 00:00:00
cvelist
cvelist
CVE-2015-0832
2015-02-25 11:00:00
mozilla
mozilla
Appended period to hostnames can bypass HPKP and HSTS protections — Mozilla
2015-02-24 00:00:00
cve
cve
CVE-2015-0832
2015-02-25 11:59:12
mageia
mageia
Updated iceape packages fix security vulnerabilities
2015-04-03 16:11:23
ubuntu
ubuntu
Firefox vulnerabilities
2015-02-25 00:00:00
Firefox regression
2015-03-09 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2505-1)
2015-02-26 00:00:00
Ubuntu 14.04 LTS : Firefox regression (USN-2505-2)
2015-03-10 00:00:00
Firefox < 36.0 Multiple Vulnerabilities (Mac OS X)
2015-02-25 00:00:00
archlinux
archlinux
firefox: multiple issues
2015-02-25 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-02-24 00:00:00
kaspersky
kaspersky
KLA10464 Multiple vulnerabilities in Mozilla products
2015-02-24 00:00:00
suse
suse
Security update for MozillaFirefox, mozilla-nss (important)
2015-03-01 11:04:54
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-03-22 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00