Mozilla Network Security Services (NSS) prior to 3.19, as used in Mozilla Firefox prior to 39.0, Firefox ESR 31.x prior to 31.8 and 38.x prior to 38.1, Thunderbird prior to 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle malicious users to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
canonical ubuntu linux 12.04 |
||
novell suse linux enterprise server 12.0 |
||
novell suse linux enterprise server 11 |
||
debian debian linux 8.0 |
||
debian debian linux 7.0 |
||
canonical ubuntu linux 14.10 |
||
canonical ubuntu linux 14.04 |
||
novell suse linux enterprise desktop 12.0 |
||
canonical ubuntu linux 15.04 |
||
novell suse linux enterprise software development kit 12.0 |
||
mozilla network_security_services 3.19 |
||
oracle solaris 11.3 |
||
oracle vm server 3.2 |