CVE-2016-9064
CVSS v3.0: 5.9 (Medium)
CVSS v2.0: 4.3 (Medium)
EPSS: 0.39 % (74th)
Affected Products: 2
Advisories: 12
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.
Weaknesses
- CWE-295: Improper Certificate Validation

- CVE Status: PUBLISHED
- CNA: Mozilla Corporation
- Published Date: 2018-06-11 21:29:01 (6 years ago)
- Updated Date: 2018-08-01 14:56:52 (6 years ago)