CVE-2008-2809
published 2008-07-08

Priority: P4, 15 | medium, 4 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P
EPSS: 1.24% (65.4th percentile)

Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

Affected

18 ranges
Vendor    Product    Version range  Fixed in
mozilla   firefox
mozilla   firefox
mozilla   firefox
mozilla   firefox
mozilla   firefox
mozilla   firefox
mozilla   firefox
mozilla   firefox
mozilla   firefox
mozilla   firefox
mozilla   firefox
mozilla   firefox
mozilla   firefox
mozilla   firefox
mozilla   geckb      <= 1.9
mozilla   seamonkey  <= 1.0.9
mozilla   seamonkey
netscape  navigator

CVSS provenance

nvd            v2.0  4.0   MEDIUM    AV:N/AC:H/Au:N/C:N/I:P/A:P
vendor_ubuntu        10.0  CRITICAL
vendor_redhat        4.0   MEDIUM