
    Mozilla Network Security Services wildcard characters Vulnerability


    Severity Rating: MEDIUM

    Component Affected
    • Mozilla Firefox versions prior to 28.0
    • Mozilla Network Security Services versions prior to 3.15
    • Mozilla SeaMonkey versions prior to 2.25

    Overview
    A vulnerability has been reported in Mozilla products which could allow remote attackers to launch man-in-the-middle attacks to spoof SSL servers.

    Description
    This vulnerability exists in Mozilla Network Security Services (NSS) due to improper handling of a wildcard character that is embedded in an internationalized domain name's U-label in a wildcard certificate. It is caused by the cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in NSS, which fails to check for a wildcard character that is embedded in an internationalized domain name's U-label.

    A remote attacker could exploit this vulnerability by sending a crafted certificate to users. Successful exploitation of this vulnerability could allow man-in-the-middle attackers to spoof SSL servers.

    Solution
    Apply the appropriate upgrades as mentioned in the Mozilla Advisory: http://www.mozilla.org/security/anno...sa2014-45.html


    Vendor Information
    Mozilla
    http://www.mozilla.org/security/anno...sa2014-45.html

    References
    Mozilla
    http://www.mozilla.org/security/anno...sa2014-45.html
    SecurityFocus
    http://www.securityfocus.com/bid/66356/
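
The class of check the Description refers to, as an added example (not NSS code and not the vendor's fix): a certificate-name matcher that follows RFC 6125 section 6.4.3, which says a client should not match a name whose wildcard is embedded in an A-label or U-label. The function names are hypothetical, and names are assumed to be NUL-terminated strings already extracted from the certificate.

```c
#include <string.h>
#include <strings.h>

/* 1 if the label is an IDN A-label (ACE prefix "xn--"), else 0. */
static int is_a_label(const char *label, size_t len) {
    return len >= 4 && strncasecmp(label, "xn--", 4) == 0;
}

/* 1 if a certificate name may be used for matching, 0 if its wildcard
 * placement must be refused outright. */
int pattern_acceptable(const char *pattern) {
    const char *star = strchr(pattern, '*');
    if (star == NULL) return 1;                    /* plain name */
    if (strchr(star + 1, '*') != NULL) return 0;   /* more than one wildcard */
    const char *dot = strchr(pattern, '.');
    if (dot == NULL || star > dot) return 0;       /* not in leftmost label */
    if (is_a_label(pattern, (size_t)(dot - pattern)))
        return 0;                                  /* embedded in an A-label */
    for (const char *p = pattern; p < dot; p++)
        if ((unsigned char)*p >= 0x80) return 0;   /* embedded in a raw U-label */
    if (strchr(dot + 1, '.') == NULL) return 0;    /* "*.com" is too broad */
    return 1;
}

/* 1 if host matches the certificate name, 0 otherwise. */
int hostname_matches(const char *pattern, const char *host) {
    if (!pattern_acceptable(pattern)) return 0;
    const char *star = strchr(pattern, '*');
    if (star == NULL) return strcasecmp(pattern, host) == 0;
    const char *pdot = strchr(pattern, '.');
    const char *hdot = strchr(host, '.');
    if (hdot == NULL || hdot == host) return 0;
    if (strcasecmp(pdot, hdot) != 0) return 0;     /* parent domains must be equal */
    size_t pre = (size_t)(star - pattern);         /* literal text before '*' */
    size_t suf = (size_t)(pdot - star) - 1;        /* literal text after '*' */
    size_t hlen = (size_t)(hdot - host);           /* host's leftmost label */
    if (hlen < pre + suf) return 0;
    /* A partial wildcard such as "x*" must never expand into an IDN label. */
    if (pre + suf > 0 && is_a_label(host, hlen)) return 0;
    return strncasecmp(pattern, host, pre) == 0 &&
           strncasecmp(star + 1, hdot - suf, suf) == 0;
}
```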