Vulnerability CVE-2008-2809


Published: 2008-07-08   Modified: 2011-03-07

Description:
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

See advisories in our WLB2 database:
Topic: Certificate spoofing issue with Mozilla, Konqueror, Safari 2 (Med.)
Author: Nils Toedtmann
Date: 28.12.2007

Type: CWE-20 (Improper Input Validation)

Vendor: Netscape
Product: Navigator
Version: 9.0
Vendor: Mozilla
Product: Firefox
Version: 2.0.0.9; 2.0.0.8; 2.0.0.7; 2.0.0.6; 2.0.0.5; 2.0.0.4; 2.0.0.3; 2.0.0.2; 2.0.0.14; 2.0.0.13; 2.0.0.12; 2.0.0.11; 2.0.0.10; 2.0.0.1
Product: Gecko
Version: 1.9
Product: Seamonkey
Version: 1.1.5; 1.0.9

CVSS2 => (AV:N/AC:H/Au:N/C:N/I:P/A:P)

CVSS Base Score: 4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

 References:
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html
https://issues.rpath.com/browse/RPL-2646
https://bugzilla.mozilla.org/show_bug.cgi?id=402347
https://bugzilla.mozilla.org/show_bug.cgi?id=327181
https://bugzilla.mozilla.org/show_bug.cgi?id=240261
http://xforce.iss.net/xforce/xfdb/43524
http://www.vupen.com/english/advisories/2009/0977
http://www.vupen.com/english/advisories/2008/1993/references
http://www.ubuntu.com/usn/usn-629-1
http://www.ubuntu.com/usn/usn-619-1
http://www.securitytracker.com/id?1020419
http://www.securityfocus.com/bid/30038
http://www.securityfocus.com/archive/1/archive/1/494080/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/483960/100/100/threaded
http://www.securityfocus.com/archive/1/archive/1/483937/100/100/threaded
http://www.securityfocus.com/archive/1/archive/1/483929/100/100/threaded
http://www.redhat.com/support/errata/RHSA-2008-0569.html
http://www.redhat.com/support/errata/RHSA-2008-0549.html
http://www.redhat.com/support/errata/RHSA-2008-0547.html
http://www.mozilla.org/security/announce/2008/mfsa2008-31.html
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
http://www.mandriva.com/security/advisories?name=MDVSA-2008:155
http://www.mandriva.com/security/advisories?name=MDVSA-2008:136
http://www.debian.org/security/2009/dsa-1697
http://www.debian.org/security/2008/dsa-1621
http://www.debian.org/security/2008/dsa-1615
http://www.debian.org/security/2008/dsa-1607
http://wiki.rpath.com/Advisories:rPSA-2008-0216
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
http://securitytracker.com/id?1018979
http://securityreason.com/securityalert/3498
http://security.gentoo.org/glsa/glsa-200808-03.xml
http://secunia.com/advisories/34501
http://secunia.com/advisories/33433
http://secunia.com/advisories/31403
http://secunia.com/advisories/31377
http://secunia.com/advisories/31286
http://secunia.com/advisories/31253
http://secunia.com/advisories/31220
http://secunia.com/advisories/31195
http://secunia.com/advisories/31183
http://secunia.com/advisories/31069
http://secunia.com/advisories/31023
http://secunia.com/advisories/31021
http://secunia.com/advisories/31008
http://secunia.com/advisories/31005
http://secunia.com/advisories/30949
http://secunia.com/advisories/30911
http://secunia.com/advisories/30903
http://secunia.com/advisories/30898
http://secunia.com/advisories/30878
http://rhn.redhat.com/errata/RHSA-2008-0616.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10205
http://nils.toedtmann.net/pub/subjectAltName.txt
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html


Copyright 2017, cxsecurity.com

 
