The X.509 certificate validation functionality in Mozilla Firefox 4.0.x up to and including 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote malicious users to spoof an SSL server via an untrusted certificate that triggers potentially unwanted local caching of documents from that server.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 4.0 |
||
mozilla firefox 4.0.1 |