Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
21 Nov 2024, 01:04
Type | Values Removed | Values Added |
---|---|---|
References | () http://isc.sans.org/diary.html?storyid=7003 - Broken Link | |
References | () http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html - Mailing List | |
References | () http://marc.info/?l=oss-security&m=125198917018936&w=2 - Mailing List | |
References | () http://osvdb.org/56723 - Broken Link | |
References | () http://secunia.com/advisories/36088 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/36125 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/36139 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/36157 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/36434 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/36669 - Broken Link | |
References | () http://secunia.com/advisories/37098 - Broken Link | |
References | () http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 - Broken Link | |
References | () http://www.debian.org/security/2009/dsa-1874 - Mailing List | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 - Broken Link | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 - Broken Link | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2009:217 - Broken Link | |
References | () http://www.mozilla.org/security/announce/2009/mfsa2009-42.html - Vendor Advisory | |
References | () http://www.novell.com/linux/security/advisories/2009_48_firefox.html - Broken Link | |
References | () http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2009-1207.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2009-1432.html - Broken Link | |
References | () http://www.securitytracker.com/id?1022632 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.ubuntu.com/usn/usn-810-1 - Third Party Advisory | |
References | () http://www.vupen.com/english/advisories/2009/2085 - Broken Link, Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2009/3184 - Broken Link | |
References | () http://www.wired.com/threatlevel/2009/07/kaminsky/ - Press/Media Coverage | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=510251 - Issue Tracking | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751 - Broken Link | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458 - Broken Link | |
References | () https://usn.ubuntu.com/810-2/ - Broken Link |
14 Feb 2024, 17:21
Type | Values Removed | Values Added |
---|---|---|
References | () http://isc.sans.org/diary.html?storyid=7003 - Broken Link | |
References | () http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html - Mailing List | |
References | () http://marc.info/?l=oss-security&m=125198917018936&w=2 - Mailing List | |
References | () http://osvdb.org/56723 - Broken Link | |
References | () http://secunia.com/advisories/36088 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/36125 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/36139 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/36157 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/36434 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/36669 - Broken Link | |
References | () http://secunia.com/advisories/37098 - Broken Link | |
References | () http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 - Broken Link | |
References | () http://www.debian.org/security/2009/dsa-1874 - Mailing List | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 - Broken Link | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 - Broken Link | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2009:217 - Broken Link | |
References | () http://www.novell.com/linux/security/advisories/2009_48_firefox.html - Broken Link | |
References | () http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2009-1207.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2009-1432.html - Broken Link | |
References | () http://www.securitytracker.com/id?1022632 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.ubuntu.com/usn/usn-810-1 - Third Party Advisory | |
References | () http://www.vupen.com/english/advisories/2009/2085 - Broken Link, Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2009/3184 - Broken Link | |
References | () http://www.wired.com/threatlevel/2009/07/kaminsky/ - Press/Media Coverage | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=510251 - Issue Tracking | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751 - Broken Link | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458 - Broken Link | |
References | () https://usn.ubuntu.com/810-2/ - Broken Link | |
CPE | cpe:2.3:a:mozilla:firefox:2.0_.9:*:*:*:*:*:*:* cpe:2.3:a:mozilla:nss:3.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:nss:3.11.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.2:beta3:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:nss:3.11.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.21:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0_.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0_.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0_.10:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.1:beta1:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.13:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0_.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0_.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.20:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:*:beta2:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0beta5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:nss:3.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:nss:3.11.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0_.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.15:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0_8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:* cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:nss:3.11.8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.11:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:0.9_rc:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.21:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:nss:3.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.2:beta1:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:* |
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:* cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise:10.0:-:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:* |
CWE | CWE-295 | |
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 5.9 |
First Time |
Suse linux Enterprise Server
Canonical ubuntu Linux Debian Debian debian Linux Suse Opensuse opensuse Mozilla network Security Services Suse linux Enterprise Opensuse Canonical |
Information
Published : 2009-07-30 19:30
Updated : 2024-11-21 01:04
NVD link : CVE-2009-2408
Mitre link : CVE-2009-2408
CVE.ORG link : CVE-2009-2408
JSON object : View
Products Affected
debian
- debian_linux
mozilla
- seamonkey
- network_security_services
- thunderbird
- firefox
suse
- linux_enterprise
- linux_enterprise_server
opensuse
- opensuse
canonical
- ubuntu_linux
CWE
CWE-295
Improper Certificate Validation