X.509 Certificate Spoofing Vulnerability in Mozilla Products
CVE-2009-2408
5.9 MEDIUM
What is CVE-2009-2408?
Mozilla Network Security Services (NSS) and associated applications failed to properly handle a null ('\0') character within the Common Name (CN) field of X.509 certificates. This flaw enabled attackers to conduct man-in-the-middle attacks, presenting fraudulent SSL servers by using certificates issued by legitimate Certification Authorities. Such vulnerabilities undermine user trust and security by subverting standard certificate authentication mechanisms.
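
The following C example is added here and is not NSS code. It assumes the flaw takes the form of handing the length-delimited CN to a NUL-terminated string comparison, and sets that beside a length-aware check that rejects embedded NULs; the function names and the sample names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: a CN as it sits in the certificate, i.e. a
 * length-delimited byte string that can carry a 0x00 byte. */
static const unsigned char CRAFTED_CN[] = "www.example.com\0.other.example";
static const unsigned char HONEST_CN[]  = "www.example.com";
#define CN_LEN(a) (sizeof(a) - 1)   /* drop the literal's trailing NUL */

/* Flawed pattern (assumed form of the bug): the CN is passed to a C-string
 * function, so the comparison stops at the first NUL and ignores the rest. */
int naive_cn_match(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len;                    /* length from the certificate is ignored */
    return strcmp((const char *)cn, host) == 0;
}

/* Hardened pattern: refuse any CN with an embedded NUL, then compare using
 * the certificate's own length. Wildcards and case folding are left out. */
int strict_cn_match(const unsigned char *cn, size_t cn_len, const char *host)
{
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;                    /* malformed name: reject outright */
    return cn_len == strlen(host) && memcmp(cn, host, cn_len) == 0;
}

int main(void)
{
    const char *host = "www.example.com";
    printf("crafted CN, naive : %d\n",
           naive_cn_match(CRAFTED_CN, CN_LEN(CRAFTED_CN), host));
    printf("crafted CN, strict: %d\n",
           strict_cn_match(CRAFTED_CN, CN_LEN(CRAFTED_CN), host));
    printf("honest CN,  strict: %d\n",
           strict_cn_match(HONEST_CN, CN_LEN(HONEST_CN), host));
    return 0;
}
```

The same embedded-NUL rejection applies to any name field a verifier reads from a certificate, since the encoded length, not a terminator, defines where the value ends.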