Insecure digital certificates in Thunderbird
Description
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
| rpm rhel5 | 0:2.0.0.16-1.el5 | | |
| rpm rhel5 | 0:3.0-2.el5 | | |
| rpm rhel5 | 0:0.12-17.el5 | | |
| rpm rhel5 | 0:1.9-1.el5 | | |
| rpm rhel5 | 0:2.16.0-19.el5 | | |