CVE-2009-2408
CVSS v3.1
5.9 (Medium)
CVSS v2.0
6.8 (Medium)
EPSS
0.25 % (65th)
Affected Products
9
Advisories
5
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
- CVE Status
- PUBLISHED
- CNA
- Red Hat, Inc.
- Published Date
-
2009-07-30 19:30:00
(15 years ago) - Updated Date
-
2024-02-14 17:21:52
(7 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...