CVE-2014-1582
CVSS v2.0
4.3 (Medium)
EPSS
0.20 % (59th)
Affected Products
1
Advisories
3
The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an arbitrary recognized Certification Authority.
Weaknesses
- CWE-310
- Cryptographic Issues
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2014-10-15 10:55:06
(10 years ago) - Updated Date
-
2016-12-22 02:59:13
(7 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...