CVE-2010-3173 — Mozilla Firefox vulnerability

CWE-3109 documents9 sources

Severity

7.5HIGHNVD

EPSS

2.3%

top 15.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla NSS Mozilla Firefox Mozilla Seamonkey +1 more

Timeline

PublishedOct 21

Latest updateMay 1

Description

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶NVDmozilla/firefox3.5.13+91

▶NVDmozilla/seamonkey2.0.8+41

▶NVDmozilla/thunderbird3.0.8+71

▶Debianmozilla/nss< 3.12.8-1+3

🔴Vulnerability Details

GHSA

GHSA-qx2q-p5g3-ww8g: The SSL implementation in Mozilla Firefox before 3↗2022-05-17

▶

CVEList

CVE-2010-3173: The SSL implementation in Mozilla Firefox before 3↗2010-10-21

▶

OSV

CVE-2010-3173: The SSL implementation in Mozilla Firefox before 3↗2010-10-21

▶

📋Vendor Advisories

Ubuntu

NSS vulnerabilities↗2010-10-20

▶

Red Hat

NSS: insecure Diffie-Hellman key exchange↗2010-10-19

▶

Debian

CVE-2010-3173: nss - The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11,...↗2010

▶

📄Research Papers

arXiv

Graphene: Infrastructure Security Posture Analysis with AI-generated Attack Graphs↗2024-05-01

▶

💬Community

Bugzilla

CVE-2010-3173 NSS: insecure Diffie-Hellman key exchange↗2010-10-12

▶