Mozilla 1.5 up to and including 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote malicious users to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla mozilla |