The Public Key Pinning (PKP) implementation in Mozilla Firefox prior to 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote malicious users to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user.
Vulnerable Product |
---|
mozilla firefox 30.0 |
mozilla firefox 31.1.0 |
mozilla firefox 31.0 |
mozilla firefox |