CVE-2013-1740
18.01.2014, 22:55
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.Enginsight
| Vendor | Product | Version |
|---|---|---|
| mozilla | network_security_services | 𝑥 ≤ 3.15.3 |
| mozilla | network_security_services | 3.2 |
| mozilla | network_security_services | 3.2.1 |
| mozilla | network_security_services | 3.3 |
| mozilla | network_security_services | 3.3.1 |
| mozilla | network_security_services | 3.3.2 |
| mozilla | network_security_services | 3.4 |
| mozilla | network_security_services | 3.4.1 |
| mozilla | network_security_services | 3.4.2 |
| mozilla | network_security_services | 3.5 |
| mozilla | network_security_services | 3.6 |
| mozilla | network_security_services | 3.6.1 |
| mozilla | network_security_services | 3.7 |
| mozilla | network_security_services | 3.7.1 |
| mozilla | network_security_services | 3.7.2 |
| mozilla | network_security_services | 3.7.3 |
| mozilla | network_security_services | 3.7.5 |
| mozilla | network_security_services | 3.7.7 |
| mozilla | network_security_services | 3.8 |
| mozilla | network_security_services | 3.9 |
| mozilla | network_security_services | 3.11.2 |
| mozilla | network_security_services | 3.11.3 |
| mozilla | network_security_services | 3.11.4 |
| mozilla | network_security_services | 3.11.5 |
| mozilla | network_security_services | 3.12 |
| mozilla | network_security_services | 3.12.1 |
| mozilla | network_security_services | 3.12.2 |
| mozilla | network_security_services | 3.12.3 |
| mozilla | network_security_services | 3.12.3.1 |
| mozilla | network_security_services | 3.12.3.2 |
| mozilla | network_security_services | 3.12.4 |
| mozilla | network_security_services | 3.12.5 |
| mozilla | network_security_services | 3.12.6 |
| mozilla | network_security_services | 3.12.7 |
| mozilla | network_security_services | 3.12.8 |
| mozilla | network_security_services | 3.12.9 |
| mozilla | network_security_services | 3.12.10 |
| mozilla | network_security_services | 3.12.11 |
| mozilla | network_security_services | 3.14 |
| mozilla | network_security_services | 3.14.1 |
| mozilla | network_security_services | 3.14.2 |
| mozilla | network_security_services | 3.14.3 |
| mozilla | network_security_services | 3.14.4 |
| mozilla | network_security_services | 3.14.5 |
| mozilla | network_security_services | 3.15 |
| mozilla | network_security_services | 3.15.1 |
| mozilla | network_security_services | 3.15.2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References