6 matches found
Mozilla Firefox WebRTC Man-in-the-Middle Attack (CVE-2015-0834)
A security bypass vulnerability has been reported in Mozilla Firefox browser. The vulnerability is due to a weakness in the WebRTC protocol. The vulnerability can be exploited through the use of a man-in-the-middle attack. Successful exploitation would allow attackers to decrypt online traffic...
openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2015-185)
MozillaFirefox, mozilla-nss were updated to fix 18 security issues. MozillaFirefox was updated to version 36.0. These security issues were fixed : - CVE-2015-0835, CVE-2015-0836: Miscellaneous memory safety hazards - CVE-2015-0832: Appended period to hostnames can bypass HPKP and HSTS protections...
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2015:0404-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for MozillaFirefox, mozilla-nss (important)
MozillaFirefox, mozilla-nss were updated to fix 18 security issues. MozillaFirefox was updated to version 36.0. These security issues were fixed: - CVE-2015-0835, CVE-2015-0836: Miscellaneous memory safety hazards - CVE-2015-0832: Appended period to hostnames can bypass HPKP and HSTS protections ...
CVE-2015-0834
The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time...
CVE-2015-0834
CVE-2015-0834 affects Mozilla Firefox prior to 36.0, where the WebRTC subsystem accepts TURN/STUN URIs without TLS, enabling a man-in-the-middle to potentially discover credentials by spoofing a server and brute-forcing within a short window. Public documents indicate remediation via upgrading Fi...