PT-2015-4073 · Mozilla+3 · Firefox+4

Publicado

2015-01-13

·

Atualizado

2024-12-12

·

CVE-2014-8642

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 35.0 SeaMonkey versions prior to 2.32
Description The issue makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session where there was an incorrect decision to accept a compromised and revoked certificate. This occurs because the software does not consider a specific extension in deciding whether to trust an OCSP responder.
Recommendations For Mozilla Firefox versions prior to 35.0, update to version 35.0 or later. For SeaMonkey versions prior to 2.32, update to version 2.32 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310

Identificadores relacionados

ALT-PU-2015-1082
ALT-PU-2015-1112
ALT-PU-2015-1464
CVE-2014-8642
MGASA-2015-0028
OPENSUSE-SU-2015_0077-1
OPENSUSE-SU-2015_0077-2
OPENSUSE-SU-2015_0192-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:14572-1
USN-2458-1
USN-2458-2
USN-2458-3

Produtos afetados

Alt Linux
Firefox
Seamonkey
Suse
Ubuntu