CVE-2014-1584
Publication date 14 October 2014
Last updated 24 July 2024
Ubuntu priority
The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | 14.04 LTS trusty |
Fixed 33.0+build2-0ubuntu0.14.04.1
|
References
Related Ubuntu Security Notices (USN)
- USN-2372-1
- Firefox vulnerabilities
- 14 October 2014