Mozilla 1.9 M8 and previous versions, Mozilla Firefox 2 prior to 2.0.0.15, SeaMonkey 1.1.5 and other versions prior to 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote malicious users to trick a user into accepting an invalid certificate for a spoofed web site.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 2.0.0.2 |
||
mozilla firefox 2.0.0.3 |
||
netscape navigator 9.0 |
||
mozilla geckb |
||
mozilla firefox 2.0.0.13 |
||
mozilla firefox 2.0.0.14 |
||
mozilla firefox 2.0.0.9 |
||
mozilla seamonkey 1.1.5 |
||
mozilla firefox 2.0.0.11 |
||
mozilla firefox 2.0.0.12 |
||
mozilla firefox 2.0.0.7 |
||
mozilla firefox 2.0.0.8 |
||
mozilla firefox 2.0.0.1 |
||
mozilla firefox 2.0.0.10 |
||
mozilla firefox 2.0.0.4 |
||
mozilla firefox 2.0.0.5 |
||
mozilla firefox 2.0.0.6 |
||
mozilla seamonkey |