CVE-2015-0812
CVSS v2.0
4.3 (Medium)
EPSS
0.21 % (59th)
Affected Products
3
Advisories
3
Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain.
Weaknesses
- CWE-17
- DEPRECATED: Code
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2015-04-01 10:59:11
(9 years ago) - Updated Date
-
2018-10-30 16:27:35
(5 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...