The cert_TestHostName function in Mozilla prior to 1.7, Firefox prior to 0.9, and Thunderbird prior to 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote malicious users to spoof trusted certificates.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla thunderbird |
||
mozilla firefox |
||
mozilla mozilla |