CVE-2019-11727

CVSS v3.0 5.3 (Medium)

CVSS v2.0 5 (Medium)

EPSS 0.65 % (80^th)

Affected Products 1

Advisories 20

A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.

Weaknesses

CWE-295: Improper Certificate Validation

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2019-07-23 14:15:16
(5 years ago)
Updated Date: 2019-07-30 23:15:12
(5 years ago)

Affected Products

Mozilla

Firefox

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox prior 68.0 version	cpe:2.3:a:mozilla:firefox		< 68.0