CVE-2013-1740

Currently unrated

Key Information:

Vendor: Mozilla
Status: Network Security Services
Vendor: CVE Published:; 18 January 2014

Summary

The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-security-announce/2014...

vendor-advisoryx_refsource_SUSE

http://www.vmware.com/security/advisories/VMSA-2014-0012....

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 18, 2014
Vulnerability Reserved
Feb 13, 2013