PT-2010-5653 · Mozilla+2 · Firefox+4

Richard Moore

·

Updated

2024-12-12

·

CVE-2010-3170

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions prior to 3.5.14 and 3.6.x prior to 3.6.11
Thunderbird versions prior to 3.0.9 and 3.1.x prior to 3.1.5
SeaMonkey versions prior to 2.0.9
Description
The affected clients apply DNS-name wildcard matching to the subject's Common Name of an X.509 certificate even when the host being connected to is an IP-address literal. A certificate whose Common Name is a wildcard pattern that covers an IP address (for example a wildcard label followed by the remaining octets of the address) is therefore accepted for a TLS connection made directly to that address. Wildcards are only meant to match DNS names (RFC 2818, RFC 6125); an IP address has to be matched exactly. A man-in-the-middle attacker who holds such a certificate issued by a Certification Authority trusted by the client can spoof arbitrary SSL servers that the victim reaches by IP address. The vulnerability is exploitable remotely, without authentication, and may lead to a loss of confidentiality, integrity, and availability of the protected traffic.
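The flawed and the corrected matching rule side by side, as an added example written for this advisory (it is not Mozilla or NSS code). `match_naive` reproduces the behaviour described above: the leftmost label of the certificate name may be `*` and is compared against whatever string the client connected to, IP address or not. `match_fixed` applies the RFC 6125 rule that a wildcard can only match a DNS name. The certificate name `*.168.1.1` and the target `192.168.1.1` are constructed for illustration; the extra rule that at least two labels must follow the wildcard is additional hardening, not part of the fix this advisory describes.

```python
"""Wildcard certificate-name matching: vulnerable form beside the hardened form.

Illustrative code written for this advisory; not Mozilla/NSS code.
"""
import ipaddress


def _labels(name: str) -> list:
    # Case-insensitive comparison; ignore a trailing dot on absolute names.
    return name.lower().rstrip(".").split(".")


def is_ip_literal(host: str) -> bool:
    """True if the reference identifier is an IPv4/IPv6 literal (192.168.1.1, [::1])."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def match_naive(pattern: str, host: str) -> bool:
    """Vulnerable matching (the pre-fix behaviour the advisory describes).

    A leading '*' label matches the first label of the host string no matter
    what that string is, so the CN '*.168.1.1' is accepted for 192.168.1.1.
    """
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def match_fixed(pattern: str, host: str) -> bool:
    """Hardened matching: wildcards only ever match DNS names.

    - An IP-address reference identifier never matches a wildcard; it must
      equal the presented name exactly (a real client should compare it with
      a subjectAltName iPAddress entry rather than the Common Name).
    - A wildcard is honoured only as the whole leftmost label, and only when
      at least two labels follow it ('*.com' must not match 'example.com');
      the second condition is extra hardening beyond this advisory's fix.
    """
    if is_ip_literal(host):
        return pattern.strip("[]").lower() == host.strip("[]").lower()
    p, h = _labels(pattern), _labels(host)
    if "*" in pattern:
        if p[0] != "*" or any("*" in lbl for lbl in p[1:]) or len(p) < 3:
            return False  # partial-label or non-leftmost wildcard: reject
        return len(p) == len(h) and p[1:] == h[1:]
    return p == h


def first_match(cert_names, host, matcher):
    """Return the first certificate name that `matcher` accepts for `host`, else None."""
    for name in cert_names:
        if matcher(name, host):
            return name
    return None


# Constructed values for illustration; they come from no real certificate.
CRAFTED_CN = "*.168.1.1"   # what an attacker would need a trusted CA to issue
TARGET_IP = "192.168.1.1"  # the victim connects to this address directly

if __name__ == "__main__":
    print("naive:", first_match([CRAFTED_CN], TARGET_IP, match_naive))  # *.168.1.1
    print("fixed:", first_match([CRAFTED_CN], TARGET_IP, match_fixed))  # None
```

Running the block shows the crafted name being accepted by the naive matcher and rejected by the fixed one, while ordinary names such as `*.example.com` for `www.example.com` still match under both.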
Recommendations
For Mozilla Firefox versions prior to 3.5.14 and 3.6.x prior to 3.6.11, update to version 3.5.14 or 3.6.11 or later. For Thunderbird versions prior to 3.0.9 and 3.1.x prior to 3.1.5, update to version 3.0.9 or 3.1.5 or later. For SeaMonkey versions prior to 2.0.9, update to version 2.0.9 or later. There is no client-side setting that disables the flawed matching, so updating is the only fix on the client; whether a wildcard IP pattern appears in a Common Name is decided by the certificate issuer, not by the potential victim, and is not a workaround the victim can apply. Exploitation additionally requires a certificate with such a Common Name issued by a Certification Authority the client trusts. Server operators who need a certificate for an IP address should place it in a subjectAltName iPAddress entry rather than in the Common Name.


Related Identifiers

BDU:2015-02595
BDU:2015-02596
BDU:2015-02597
BDU:2015-02598
CVE-2010-3170
DSA-2123-1
OPENSUSE-SU-2014:1100-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10218-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:10451-1
OPENSUSE-SU-2024:14572-1
RHSA-2010:0781
RHSA-2010:0782
RHSA-2010:0862

Affected Products

Firefox
Red Hat
SeaMonkey
SUSE
Thunderbird