Computer Security
[EN] securityvulns.ru no-pyccku


Mozilla NSS SSL connection spoofing
Published:29.01.2014
Source:
SecurityVulns ID:13536
Type:m-i-t-m
Threat Level:
6/10
Description:Invalid TLS False Start feature implementation.
Affected:MOZILLA : nss 3.15
CVE:CVE-2013-1740 (The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.)
Original documentdocumentUBUNTU, [USN-2088-1] NSS vulnerability (29.01.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod