Mozilla 1.9 M8 and earlier, Mozilla Firefox 2, SeaMonkey 1.1.5, Netscape 9.0,
and other Mozilla-based web browsers, when a user accepts an SSL server
certificate on the basis of the CN domain name in the DN field, regard the
certificate as also accepted for all domain names in subjectAltName:dNSName
fields, which makes it easier for remote attackers to trick a user into
accepting an invalid certificate for a spoofed web site.
Heh, this bug is from 2004...
This was fixed in 184.108.40.206
CVE-2007-6590 is now rejected, use CVE-2008-2809.