CVE-2009-2408
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
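The mishandling described above, illustrated as an added example (not NSS or Mozilla code): it assumes the flaw takes the form of comparing the CN as a NUL-terminated C string, and sets that beside a length-aware check that rejects an embedded '\0'. The struct, the function names and the sample CN are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* CN as decoded from the certificate: a byte string with an explicit length,
 * so it can contain '\0' bytes. */
struct cn_value {
    const unsigned char *data;
    size_t len;
};

/* Constructed sample (not from a real certificate): a CN with an embedded
 * NUL directly after "www.bank.example". */
static const unsigned char SAMPLE_CN[] = "www.bank.example\0.other.test";

struct cn_value sample_cn(void)
{
    struct cn_value v = { SAMPLE_CN, sizeof SAMPLE_CN - 1 };
    return v;
}

/* Flawed pattern (assumed form of the bug): treats the CN as a C string, so
 * the comparison ends at the first '\0' and the rest is never examined.
 * Memory-safe here only because the sample buffer is NUL-terminated. */
int cn_matches_cstring(const struct cn_value *cn, const char *host)
{
    return strcasecmp((const char *)cn->data, host) == 0;
}

/* Length-aware check: a CN with an embedded '\0' is rejected outright,
 * and the decoded length must equal the hostname length. */
int cn_matches_strict(const struct cn_value *cn, const char *host)
{
    size_t host_len = strlen(host);

    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    if (cn->len != host_len)
        return 0;
    return strncasecmp((const char *)cn->data, host, host_len) == 0;
}

int main(void)
{
    struct cn_value cn = sample_cn();
    printf("cstring: %d\n", cn_matches_cstring(&cn, "www.bank.example"));
    printf("strict:  %d\n", cn_matches_strict(&cn, "www.bank.example"));
    return 0;
}
```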
Affected products
n/a · n/a
References
http://isc.sans.org/diary.html?storyid=7003
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://marc.info/?l=oss-security&m=125198917018936&w=2
http://osvdb.org/56723
https://bugzilla.redhat.com/show_bug.cgi?id=510251
http://secunia.com/advisories/36088
http://secunia.com/advisories/36125
http://secunia.com/advisories/36139
http://secunia.com/advisories/36157
http://secunia.com/advisories/36434
http://secunia.com/advisories/36669
http://secunia.com/advisories/37098