CVE-2009-2408 — Improper Certificate Validation in Mozilla Firefox

CWE-295 — Improper Certificate Validation CWE-20 — Improper Input Validation CWE-626 — Null Byte Interaction Error (Poison Null Byte)39 documents8 sources

Severity

5.9MEDIUMNVD

EPSS

3.4%

top 12.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla NSS Mozilla Firefox Mozilla Network Security Services +7 more

Timeline

PublishedJul 30

Latest updateMay 2

Description

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages7 packages

▶NVDmozilla/network_security_services< 3.12.3

▶NVDmozilla/firefox< 3.0.13

▶NVDmozilla/seamonkey< 1.1.18

▶NVDmozilla/thunderbird< 2.0.0.23

▶Debianmozilla/nss< 3.12.3-1+3

Also affects: Debian Linux 5.0, Linux Enterprise 10.0, 11.0, Ubuntu Linux 8.04, 8.10, 9.04

🔴Vulnerability Details

GHSA

GHSA-pm7c-vg9h-jxxc: Mozilla Network Security Services (NSS) before 3↗2022-05-02

▶

OSV

CVE-2009-2702: KDE KSSL in kdelibs 3↗2009-09-08

▶

OSV

CVE-2009-2700: src/network/ssl/qsslcertificate↗2009-09-02

▶

OSV

CVE-2009-2408: Mozilla Network Security Services (NSS) before 3↗2009-07-30

▶

CVEList

CVE-2009-2408: Mozilla Network Security Services (NSS) before 3↗2009-07-30

▶

📋Vendor Advisories

Red Hat

php: hostname check bypassing vulnerability in SSL client↗2013-08-13

▶

Red Hat

python: hostname check bypassing vulnerability in SSL module↗2013-08-12

▶

Red Hat

ruby: hostname check bypassing vulnerability in SSL client↗2013-06-27

▶

Red Hat

w3m: doesn't handle NULL in Common Name properly↗2010-06-14

▶

Red Hat

libESMTP: Multiple certificate validation flaws↗2010-03-03

▶

💬Community

Bugzilla

CVE-2010-3170 firefox/nss: doesn't handle IP-based wildcards in X509 certificates safely↗2010-09-03

▶

Bugzilla

CVE-2010-5076 Qt: QSslSocket incorrect handling of IP wildcards in certificate Common Name↗2010-09-03

▶

Bugzilla

CVE-2010-1192 CVE-2010-1194 libESMTP: Multiple certificate validation flaws↗2010-03-09

▶

Bugzilla

CVE-2009-4034 postgresql: incorrect verification of SSL certificates with NUL in name↗2009-12-15

▶

Bugzilla

CVE-2009-3942 msmtp SSL NULL prefix flaw↗2009-11-16

▶