Summary: | Mozilla Browsers SSL subjectAltName:dNSName certificate spoofing (CVE-2008-2809) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | mozilla |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.mozilla.org/show_bug.cgi?id=240261 | ||
Whiteboard: | A4 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 230567 | ||
Bug Blocks: |
Description
Robert Buchholz (RETIRED)
![]() Reproducer http://test.eonis.net/ Advisory http://nils.toedtmann.net/pub/subjectAltName.txt Upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=240261 Heh, this bug is from 2004... This was fixed in 1.8.1.15 CVE-2007-6590 is now rejected, use CVE-2008-2809. GLSA 200808-03 |