CVE-2015-2741

2015-07-0500:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

68.0%

JSON

Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird
before 38.1 do not enforce key pinning upon encountering an X.509
certificate problem that generates a user dialog, which allows
user-assisted man-in-the-middle attackers to bypass intended access
restrictions by triggering a (1) expired certificate or (2) mismatched
hostname for a domain with pinning enabled.

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchfirefox< 39.0+build5-0ubuntu0.12.04.2UNKNOWN
ubuntu14.04noarchfirefox< 39.0+build5-0ubuntu0.14.04.1UNKNOWN
ubuntu14.10noarchfirefox< 39.0+build5-0ubuntu0.14.10.1UNKNOWN
ubuntu15.04noarchfirefox< 39.0+build5-0ubuntu0.15.04.1UNKNOWN
ubuntu12.04noarchthunderbird< 1:31.8.0+build1-0ubuntu0.12.04.1UNKNOWN
ubuntu14.04noarchthunderbird< 1:31.8.0+build1-0ubuntu0.14.04.1UNKNOWN
ubuntu14.10noarchthunderbird< 1:31.8.0+build1-0ubuntu0.14.10.1UNKNOWN
ubuntu15.04noarchthunderbird< 1:31.8.0+build1-0ubuntu0.15.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	firefox	< 39.0+build5-0ubuntu0.12.04.2	UNKNOWN
ubuntu	14.04	noarch	firefox	< 39.0+build5-0ubuntu0.14.04.1	UNKNOWN
ubuntu	14.10	noarch	firefox	< 39.0+build5-0ubuntu0.14.10.1	UNKNOWN
ubuntu	15.04	noarch	firefox	< 39.0+build5-0ubuntu0.15.04.1	UNKNOWN
ubuntu	12.04	noarch	thunderbird	< 1:31.8.0+build1-0ubuntu0.12.04.1	UNKNOWN
ubuntu	14.04	noarch	thunderbird	< 1:31.8.0+build1-0ubuntu0.14.04.1	UNKNOWN
ubuntu	14.10	noarch	thunderbird	< 1:31.8.0+build1-0ubuntu0.14.10.1	UNKNOWN
ubuntu	15.04	noarch	thunderbird	< 1:31.8.0+build1-0ubuntu0.15.04.1	UNKNOWN