The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2014-01-18T22:00:00

Updated: 2024-08-06T15:13:32.451Z

Reserved: 2013-02-13T00:00:00

Link: CVE-2013-1740

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-01-18T22:55:03.117

Modified: 2024-11-21T01:50:17.903

Link: CVE-2013-1740

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-01-05T00:00:00Z

Links: CVE-2013-1740 - Bugzilla