Hash Collision Vulnerability in Network Security Services Library and Related Products
CVE-2009-2409

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox; Nss
Vendor: CVE Published:; 30 July 2009

What is CVE-2009-2409?

The Network Security Services (NSS) library, alongside GnuTLS and certain versions of OpenSSL, contain a vulnerability due to flaws in the MD2 hashing algorithm. This can allow remote attackers to exploit hash collisions in X.509 certificates, potentially leading to certificate spoofing. While the attack complexity is high and computational resources required are significant, effective mitigations should be employed to safeguard applications relying on these libraries.

References

http://secunia.com/advisories/36139

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/36157

third-party-advisoryx_refsource_SECUNIA

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

Timeline

Vulnerability published
Jul 30, 2009
Vulnerability Reserved
Jul 9, 2009

Mozilla

What is CVE-2009-2409?

References

Timeline