Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19519
HistoryMar 26, 2008 - 12:00 a.m.

Mozilla Foundation Security Advisory 2008-17

2008-03-2600:00:00
vulners.com
44
JSON

Mozilla Foundation Security Advisory 2008-17

Title: Privacy issue with SSL Client Authentication
Impact: Low
Announced: March 25, 2008
Reporter: Peter Brodersen and Alexander Klink
Products: Firefox, SeaMonkey

Fixed in: Firefox 2.0.0.13
SeaMonkey 1.1.9
Description

Peter Brodersen and Alexander Klink independently reported that the default setting for SSL Client Authentication, automatically selecting a client certificate on behalf of the user, creates a potential privacy issue for users by allowing tracking through client certificates. For users who already have certificates some real-world identity information such as an email address or name may be available to web sites depending on the purpose of the certificate and its issuer.

The default preference has been changed to prompt the user each time a website requests a client certificate.
Workaround

Change the Certificate preference in the Options menu (Windows: Tools|Options, Mac: Firefox|Preferences, Linux: Edit|Preferences). Select the Advanced tab and Encryption sub-tab. Under the Certificates section select the option for "Ask me every time".
References

* https://bugzilla.mozilla.org/show_bug.cgi?id=295922
* CVE-2007-4879

Related

mozilla 1
prion 2
cve 2
ubuntucve 1
freebsd 1
openvas 24
seebug 1
nessus 19
suse 1
osv 4
debian 4
ubuntu 1
securityvulns 1
gentoo 1
mozilla
mozilla
Privacy issue with SSL Client Authentication — Mozilla
2008-03-25 00:00:00
prion
prion
Code injection
2007-09-13 18:17:00
Design/Logic Flaw
2008-06-02 21:30:00
cve
cve
CVE-2007-4879
2007-09-13 18:17:00
CVE-2008-1580
2008-06-02 21:30:00
ubuntucve
ubuntucve
CVE-2007-4879
2007-09-13 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2008-03-26 00:00:00
openvas
openvas
FreeBSD Ports: firefox
2008-09-04 00:00:00
FreeBSD Ports: firefox
2008-09-04 00:00:00
Mozilla Firefox, Thunderbird, Seamonkey: Multiple Vulnerabilities (Mar 2008) - Windows
2008-06-17 00:00:00
seebug
seebug
Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.13版本修复多个安全漏洞
2008-03-31 00:00:00
nessus
nessus
FreeBSD : mozilla -- multiple vulnerabilities (12b336c6-fe36-11dc-b09c-001c2514716c)
2008-03-31 00:00:00
SuSE 10 Security Update : epiphany (ZYPP Patch Number 5164)
2008-04-18 00:00:00
openSUSE 10 Security Update : seamonkey (seamonkey-5167)
2008-04-22 00:00:00
suse
suse
remote code execution in MozillaFirefox
2008-04-04 15:01:05
osv
osv
iceweasel
2008-03-30 00:00:00
xulrunner
2008-03-27 00:00:00
iceape - regression
2008-03-28 00:00:00
debian
debian
[SECURITY] [DSA 1535-1] New iceweasel packages fix several vulnerabilities
2008-03-30 12:22:31
[SECURITY] [DSA 1534-1] New iceape packages fix several vulnerabilities
2008-03-28 13:48:02
[SECURITY] [DSA 1534-2] New iceape packages fix regression
2008-04-24 21:02:40
ubuntu
ubuntu
Firefox vulnerabilities
2008-03-26 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Seamonkey multiple security vulnerabilities
2008-03-28 00:00:00
gentoo
gentoo
Mozilla products: Multiple vulnerabilities
2008-05-20 00:00:00
JSON
Related for SECURITYVULNS:DOC:19519
mozilla1prion2cve2ubuntucve1freebsd1openvas24seebug1nessus19suse1osv4debian4ubuntu1securityvulns1gentoo1