Lucene search
K

4 matches found

RedHat Linux
RedHat Linux
added 2023/06/13 3:0 p.m.4 views

Mozilla: Click-jacking certificate exceptions through rendering lag

The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...

3.1CVSS7.2AI score0.00897EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/06/13 2:59 p.m.4 views

Mozilla: Click-jacking certificate exceptions through rendering lag

The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...

3.1CVSS7.2AI score0.00897EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2015/07/03 5:12 a.m.4 views

Mozilla: Key pinning is ignored when overridable errors are encountered (MFSA 2015-67)

It was found that Firefox skipped key-pinning checks when handling an error that could be overridden by the user for example an expired certificate error. This flaw allowed a user to override a pinned certificate, which is an action the user should not be able to perform...

4.3CVSS7.2AI score0.01309EPSS
Exploits0References5
Mozilla
Mozilla
added 2015/07/02 12:0 a.m.51 views

Key pinning is ignored when overridable errors are encountered — Mozilla

Mozilla security engineer David Keeler reported that when an overridable error is encountered, such as those for expired certificates or a host name does not match a certificate, pinning checks can be be skipped. This would allow for a user to override a pinned certificate when they should not be...

4.3CVSS5.1AI score0.01309EPSS
Exploits0References2Affected Software4
Rows per page
Query Builder