PT-2019-4551 · Mozilla+5 · Firefox+5

Hubert Kario

·

Publicado

2019-07-09

·

Atualizado

2024-12-12

·

CVE-2019-11727

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 68
Description The issue is related to an error in the CertificateVerify service of the Network Security Services (NSS), which can be exploited by a remote attacker to impact data integrity. Specifically, it is possible to force NSS to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by the server in CertificateRequest in TLS 1.3, although PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages.
Recommendations For versions prior to 68, update to version 68 or later to resolve the issue. As a temporary workaround, consider restricting the use of TLS 1.3 until a patch is available. Avoid using PKCS#1 v1.5 signatures for TLS 1.3 messages in the affected CertificateVerify service.

Exploit

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

ALT-PU-2019-2301
ALT-PU-2019-2324
ALT-PU-2019-2479
ALT-PU-2019-2486
BDU:2020-00597
CESA-2019_1951
CESA-2020_4076
CVE-2019-11727
MGASA-2019-0213
MGASA-2019-0272
OPENSUSE-SU-2019:2248-1
OPENSUSE-SU-2019:2249-1
OPENSUSE-SU-2019:2251-1
OPENSUSE-SU-2019:2260-1
OPENSUSE-SU-2019_2248-1
OPENSUSE-SU-2019_2249-1
OPENSUSE-SU-2019_2251-1
OPENSUSE-SU-2019_2260-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:11058-1
OPENSUSE-SU-2024:14572-1
RHSA-2019:1951
RHSA-2019_1951
RHSA-2020:4076
RHSA-2020_4076
SUSE-SU-2019:14246-1
SUSE-SU-2019:2515-1
SUSE-SU-2019:2545-1
SUSE-SU-2019:2620-1
SUSE-SU-2019_14246-1
SUSE-SU-2020:14418-1
SUSE-SU-2020_14418-1
USN-4054-1
USN-4054-2
USN-4060-1

Produtos afetados

Alt Linux
Centos
Firefox
Red Hat
Suse
Ubuntu