CVE-2008-2809 — Improper Input Validation in Mozilla Geckb

CWE-20 — Improper Input Validation7 documents6 sources

Severity

4.0MEDIUMNVD

EPSS

2.0%

top 16.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Geckb Mozilla Seamonkey Mozilla Firefox +1 more

Timeline

PublishedJul 8

Latest updateMay 1

Description

Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

CVSS vector

AV:N/AC:H/C:N/I:P/A:PExploitability: 4.9 | Impact: 4.9

Affected Packages4 packages

▶NVDmozilla/seamonkey1.0.9+1

▶NVDmozilla/firefox14 versions+13

▶NVDmozilla/geckb1.9

▶NVDnetscape/navigator9.0

🔴Vulnerability Details

GHSA

GHSA-pxqv-4rrp-wmpm: Mozilla 1↗2022-05-01

▶

CVEList

CVE-2008-2809: Mozilla 1↗2008-07-08

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2008-07-25

▶

Red Hat

Firefox self signed certificate flaw↗2008-07-02

▶

Ubuntu

Firefox vulnerabilities↗2008-07-02

▶

💬Community

Bugzilla

CVE-2008-2809 Firefox self signed certificate flaw↗2008-06-24

▶