Mozilla Firefox prior to 26.0, Firefox ESR 24.x prior to 24.2, Thunderbird prior to 24.2, and SeaMonkey prior to 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle malicious users to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fedoraproject fedora 18 |
||
fedoraproject fedora 19 |
||
fedoraproject fedora 20 |
||
mozilla firefox |
||
mozilla firefox esr |
||
mozilla seamonkey |
||
mozilla thunderbird |
||
suse suse linux enterprise software development kit 11.0 |
||
opensuse opensuse 12.2 |
||
opensuse opensuse 12.3 |
||
opensuse opensuse 13.1 |
||
suse linux enterprise desktop 11 |
||
suse linux enterprise server 11 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 13.04 |
||
canonical ubuntu linux 13.10 |
||
canonical ubuntu linux 12.10 |