CVE-2010-3173

2010-10-2000:00:00

ubuntu.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.8%

JSON

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before
3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey
before 2.0.9 does not properly set the minimum key length for
Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote
attackers to defeat cryptographic protection mechanisms via a brute-force
attack.

Notes

Author	Note
jdstrand	update merely enforces a stronger key length needs new NSPR

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchnss< 3.12.8-0ubuntu0.8.04.1UNKNOWN
ubuntu9.04noarchnss< 3.12.8-0ubuntu0.9.04.1UNKNOWN
ubuntu9.10noarchnss< 3.12.8-0ubuntu0.9.10.1UNKNOWN
ubuntu10.04noarchnss< 3.12.8-0ubuntu0.10.04.1UNKNOWN
ubuntu10.10noarchnss< 3.12.8-0ubuntu0.10.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	nss	< 3.12.8-0ubuntu0.8.04.1	UNKNOWN
ubuntu	9.04	noarch	nss	< 3.12.8-0ubuntu0.9.04.1	UNKNOWN
ubuntu	9.10	noarch	nss	< 3.12.8-0ubuntu0.9.10.1	UNKNOWN
ubuntu	10.04	noarch	nss	< 3.12.8-0ubuntu0.10.04.1	UNKNOWN
ubuntu	10.10	noarch	nss	< 3.12.8-0ubuntu0.10.10.1	UNKNOWN