[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Mozilla Products: Key pinning bypasses - CVE-2014-1582 (Mac OS X)

ID: oval:org.secpod.oval:def:21436Date: (C)2014-10-21   (M)2023-12-07
Class: VULNERABILITYFamily: macos




The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an arbitrary recognized Certification Authority.

Platform:
Apple Mac OS 14
Apple Mac OS 13
Apple Mac OS 12
Apple Mac OS 11
Apple Mac OS X 10.15
Apple Mac OS X 10.14
Apple Mac OS X 10.13
Apple Mac OS X 10.11
Apple Mac OS X 10.12
Product:
Mozilla Firefox
Reference:
CVE-2014-1582
CVE    1
CVE-2014-1582
CPE    5
cpe:/a:mozilla:firefox:32.0
cpe:/a:mozilla:firefox:30.0
cpe:/a:mozilla:firefox:31.0
cpe:/a:mozilla:firefox:31.1.0
...

© SecPod Technologies