3 matches found
undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
Impact undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername...
RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:1455)
The remote Redhat Enterprise Linux 5 / 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2015:1455 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. ...
Mozilla: Key pinning is ignored when overridable errors are encountered (MFSA 2015-67)
It was found that Firefox skipped key-pinning checks when handling an error that could be overridden by the user for example an expired certificate error. This flaw allowed a user to override a pinned certificate, which is an action the user should not be able to perform...