Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-3170
HistoryOct 20, 2010 - 12:00 a.m.

CVE-2010-3170

2010-10-2000:00:00
ubuntu.com
ubuntu.com
34
mozilla firefox
thunderbird
seamonkey
ssl
spoofing
vulnerability
x.509
certificate
ip address
man-in-the-middle
attack
crafted
legitimate
certification authority

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.001

Percentile

46.7%

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before
3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a
wildcard IP address in the subject’s Common Name field of an X.509
certificate, which might allow man-in-the-middle attackers to spoof
arbitrary SSL servers via a crafted certificate issued by a legitimate
Certification Authority.

Notes

Author Note
jdstrand real problem but with very unlikely circumstances needs new NSPR
OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchnss< 3.12.8-0ubuntu0.8.04.1UNKNOWN
ubuntu9.04noarchnss< 3.12.8-0ubuntu0.9.04.1UNKNOWN
ubuntu9.10noarchnss< 3.12.8-0ubuntu0.9.10.1UNKNOWN
ubuntu10.04noarchnss< 3.12.8-0ubuntu0.10.04.1UNKNOWN
ubuntu10.10noarchnss< 3.12.8-0ubuntu0.10.10.1UNKNOWN

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.001

Percentile

46.7%