Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2009-07-30T19:00:00
Updated: 2024-08-07T05:52:14.734Z
Reserved: 2009-07-09T00:00:00
Link: CVE-2009-2408
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-07-30T19:30:00.313
Modified: 2024-11-21T01:04:48.120
Link: CVE-2009-2408
Redhat