CVE-2010-3170

Published: 20 October 2010

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
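The name-matching flaw described above, modelled as an added sketch; this is not NSS or Mozilla code, and the function names and sample values are constructed for illustration. `permissive_match` honours `*` even when the host is an IP address, while `strict_match` requires IP addresses to match exactly and, going slightly beyond the case in the advisory, limits DNS wildcards to a whole leftmost label.

```python
import ipaddress
import re


def is_ip_literal(value: str) -> bool:
    """True when value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def permissive_match(pattern: str, host: str) -> bool:
    """Models the flawed behaviour: '*' is honoured whatever the host is."""
    regex = "[^.]*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, host, re.IGNORECASE) is not None


def strict_match(pattern: str, host: str) -> bool:
    """Wildcards apply to DNS names only; IP addresses must match exactly."""
    if is_ip_literal(host):
        # A name containing '*' never parses as an address, so it is rejected.
        return is_ip_literal(pattern) and (
            ipaddress.ip_address(pattern) == ipaddress.ip_address(host)
        )
    p_labels = pattern.lower().split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if "*" in "".join(p_labels[1:]):
        return False  # wildcard allowed in the leftmost label only
    if p_labels[0] == "*":
        # Require at least two fixed labels so '*.com' style names are refused.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


if __name__ == "__main__":
    # Constructed samples: (certificate name, host the client connected to).
    samples = [
        ("*.0.2.10", "192.0.2.10"),
        ("192.0.2.*", "192.0.2.10"),
        ("192.0.2.10", "192.0.2.10"),
        ("*.example.com", "www.example.com"),
    ]
    for name, host in samples:
        print(name, host, permissive_match(name, host), strict_match(name, host))
```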

Priority

Low

Status

Package   Release    Status
nspr      Upstream   Released (4.8.6)
nss       Upstream   Released (3.12.8)

Notes

Author     Note
jdstrand   real problem but with very unlikely circumstances
           needs new NSPR
