Lucene search
SecurityvulnsSECURITYVULNS:DOC:24961HistoryOct 23, 2010 - 12:00 a.m.
Mozilla Foundation Security Advisory 2010-70
2010-10-2300:00:00
vulners.com
33
Mozilla Foundation Security Advisory 2010-70
Title: SSL wildcard certificate matching IP addresses
Impact: Moderate
Announced: October 19, 2010
Reporter: Richard Moore
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 3.6.11
Firefox 3.5.14
Thunderbird 3.1.5
Thunderbird 3.0.9
SeaMonkey 2.0.9
Description
Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority.
References
* https://bugzilla.mozilla.org/show_bug.cgi?id=578697
* CVE-2010-3170
Related
openvas
openvas
Fedora Update for nss-softokn FEDORA-2010-15989
2010-11-16 00:00:00
Fedora Update for nss-softokn FEDORA-2010-15897
2010-12-02 00:00:00
Fedora Update for nss-util FEDORA-2010-15989
2010-11-16 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: nss-3.12.8-2.fc14
2010-10-28 05:48:31
[SECURITY] Fedora 14 Update: nss-softokn-3.12.8-1.fc14
2010-10-28 05:48:31
[SECURITY] Fedora 13 Update: nss-3.12.8-2.fc13
2010-10-27 22:30:59
oraclelinux
oraclelinux
nss security update
2011-02-11 00:00:00
seamonkey security update
2010-10-20 00:00:00
firefox security update
2010-10-20 00:00:00
nessus
nessus
Fedora 14 : nss-3.12.8-2.fc14 / nss-softokn-3.12.8-1.fc14 / nss-util-3.12.8-1.fc14 (2010-15897)
2010-10-29 00:00:00
Fedora 12 : nss-3.12.8-2.fc12 / nss-softokn-3.12.8-1.fc12 / nss-util-3.12.8-1.fc12 (2010-15989)
2010-11-05 00:00:00
SuSE 10 Security Update : Mozilla (ZYPP Patch Number 7196)
2010-11-05 00:00:00
debiancve
debiancve
CVE-2010-3170
2010-10-21 19:00:00
redhat
redhat
(RHSA-2010:0862) Low: nss security update
2010-11-10 00:00:00
(RHSA-2010:0781) Critical: seamonkey security update
2010-10-19 00:00:00
(RHSA-2010:0782) Critical: firefox security update
2010-10-19 00:00:00
cve
cve
CVE-2010-3170
2010-10-21 19:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 00:53:00
prion
prion
Design/Logic Flaw
2010-10-21 19:00:00
mozilla
mozilla
SSL wildcard certificate matching IP addresses — Mozilla
2010-10-19 00:00:00
ubuntucve
ubuntucve
CVE-2010-3170
2010-10-20 00:00:00
osv
osv
nss - cryptographic weaknesses
2010-11-01 00:00:00
debian
debian
[SECURITY] [DSA 2123-1] New NSS packages fix cryptographic weaknesses
2010-11-01 19:45:41
BSA-009 Security Update for nss
2010-11-02 15:06:03
BSA-009 Security Update for nss
2010-11-02 19:04:18
ubuntu
ubuntu
NSS vulnerabilities
2010-10-20 00:00:00
centos
centos
seamonkey security update
2010-10-25 12:12:58
firefox, nss, xulrunner security update
2010-10-20 14:29:05
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-10-19 00:00:00
securityvulns
securityvulns
suse
suse
remote code execution in MozillaFirefox,seamonkey,MozillaThunderbird
2010-11-08 11:27:17
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
vmware
vmware
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
Related for SECURITYVULNS:DOC:24961