logo
DATABASE RESOURCES PRICING ABOUT US

Mozilla Foundation Security Advisory 2010-70

Description

Mozilla Foundation Security Advisory 2010-70 Title: SSL wildcard certificate matching IP addresses Impact: Moderate Announced: October 19, 2010 Reporter: Richard Moore Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.11 Firefox 3.5.14 Thunderbird 3.1.5 Thunderbird 3.0.9 SeaMonkey 2.0.9 Description Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. References * https://bugzilla.mozilla.org/show_bug.cgi?id=578697 * CVE-2010-3170


Related