Your submission was sent successfully! Close

CVE-2013-6673

Published: 11 December 2013

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.

Priority

Low

CVSS 3 base score: 5.9

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (26.0+build2-0ubuntu0.12.04.2)
quantal
Released (26.0+build2-0ubuntu0.12.10.2)
raring
Released (26.0+build2-0ubuntu0.13.04.2)
saucy
Released (26.0+build2-0ubuntu0.13.10.2)
upstream
Released (26.0)
thunderbird
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (1:24.2.0+build1-0ubuntu0.12.04.1)
quantal
Released (1:24.2.0+build1-0ubuntu0.12.10.1)
raring
Released (1:24.2.0+build1-0ubuntu0.13.04.1)
saucy
Released (1:24.2.0+build1-0ubuntu0.13.10.1)
upstream
Released (24.2.0)