Hash Collision Vulnerability in Network Security Services Library and Related Products
CVE-2009-2409

Currently unrated

Key Information:

Vendor

Mozilla
Status
Firefox
Firefox
Nss
Vendor
CVE Published:
30 July 2009

What is CVE-2009-2409?

The Network Security Services (NSS) library, alongside GnuTLS and certain versions of OpenSSL, contain a vulnerability due to flaws in the MD2 hashing algorithm. This can allow remote attackers to exploit hash collisions in X.509 certificates, potentially leading to certificate spoofing. While the attack complexity is high and computational resources required are significant, effective mitigations should be employed to safeguard applications relying on these libraries.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/36139
third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/36157
third-party-advisoryx_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-20...
vendor-advisoryx_refsource_MANDRIVA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.