CVE-2014-8642
CVE-2014-8642
Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=1079658http://secunia.com/advisories/62242http://secunia.com/advisories/62250http://secunia.com/advisories/62253http://secunia.com/advisories/62316http://secunia.com/advisories/62418http://secunia.com/advisories/62446http://secunia.com/advisories/62790https://exchange.xforce.ibmcloud.com/vulnerabilities/99963https://security.gentoo.org/glsa/201504-01