CVE-2007-6590 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6590): Mozilla 1.9 M8 and earlier, Mozilla Firefox 2, SeaMonkey 1.1.5, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
Reproducer http://test.eonis.net/ Advisory http://nils.toedtmann.net/pub/subjectAltName.txt Upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=240261
Heh, this bug is from 2004...
This was fixed in 1.8.1.15
CVE-2007-6590 is now rejected, use CVE-2008-2809.
GLSA 200808-03