The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2014-01-18T22:00:00
Updated: 2024-08-06T15:13:32.451Z
Reserved: 2013-02-13T00:00:00
Link: CVE-2013-1740
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-01-18T22:55:03.117
Modified: 2024-11-21T01:50:17.903
Link: CVE-2013-1740
Redhat