PT-2008-4248 · Netscape+2 · Netscape+4
Published: 2008-07-02 · Updated: 2018-10-11 · CVE-2008-2809
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Mozilla versions 1.9 M8 and earlier
Mozilla Firefox versions prior to 2.0.0.15
SeaMonkey versions prior to 1.1.10
Netscape version 9.0
Description
The issue allows remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. This occurs when a user accepts an SSL server certificate based on the CN domain name in the DN field, and the certificate is then regarded as accepted for all domain names in subjectAltName:dNSName fields.
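The scoping flaw described above, as an added Python model (not Mozilla's code and not part of the original advisory). It contrasts an exception store that remembers the accepted certificate itself with one that binds the exception to the host the user approved. The class names, hostnames and sample certificate are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for a parsed X.509 server certificate."""
    der: bytes                 # raw bytes, used only for fingerprinting
    common_name: str           # CN from the subject DN
    dns_names: tuple = ()      # subjectAltName:dNSName entries

    @property
    def fingerprint(self) -> str:
        return hashlib.sha256(self.der).hexdigest()

    def names(self) -> set:
        return {self.common_name.lower(), *(n.lower() for n in self.dns_names)}

class CertWideOverrides:
    """Flawed model: the exception is remembered for the certificate itself."""
    def __init__(self):
        self._accepted = set()

    def accept(self, host: str, cert: Cert) -> None:
        self._accepted.add(cert.fingerprint)      # approved host is forgotten

    def is_trusted(self, host: str, cert: Cert) -> bool:
        # Any name the certificate lists now inherits the user's exception.
        return cert.fingerprint in self._accepted and host.lower() in cert.names()

class HostBoundOverrides:
    """Hardened model: the exception covers only the host the user approved."""
    def __init__(self):
        self._accepted = set()

    def accept(self, host: str, cert: Cert) -> None:
        self._accepted.add((host.lower(), cert.fingerprint))

    def is_trusted(self, host: str, cert: Cert) -> bool:
        return (host.lower(), cert.fingerprint) in self._accepted

# Constructed sample: an untrusted certificate whose CN is one site but whose
# subjectAltName list also names an unrelated site.
SAMPLE = Cert(b"constructed-der-bytes", "blog.example.test",
              ("blog.example.test", "bank.example.test"))

def demo(store) -> dict:
    store.accept("blog.example.test", SAMPLE)   # user approves the CN host only
    return {h: store.is_trusted(h, SAMPLE)
            for h in ("blog.example.test", "bank.example.test")}
```

`demo(CertWideOverrides())` reports both hosts as trusted, while `demo(HostBoundOverrides())` trusts only the host the user explicitly approved.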
Recommendations
For Mozilla versions 1.9 M8 and earlier, update to a version later than 1.9 M8 to resolve the issue.
For Mozilla Firefox versions prior to 2.0.0.15, update to version 2.0.0.15 or later.
For SeaMonkey versions prior to 1.1.10, update to version 1.1.10 or later.
For Netscape version 9.0, consider alternative browsers or update paths as Netscape 9.0 is outdated.
Fix
RCE
Affected Products
Firefox
Mozilla Firefox
Netscape
Red Hat
Seamonkey