TLS False Start Vulnerability in Mozilla NSS
CVE-2013-1740

Currently unrated

Key Information:

Vendor

Mozilla
Status
Network Security Services
Vendor
CVE Published:
18 January 2014

What is CVE-2013-1740?

The vulnerability exists in the ssl_Do1stHandshake function within the libssl component of Mozilla's Network Security Services (NSS). When the TLS False Start feature is enabled, it exposes the system to man-in-the-middle attackers who can exploit this flaw to spoof SSL servers using arbitrary X.509 certificates during specific handshake traffic, thus compromising secure communications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.oracle.com/technetwork/topics/security/ovmbull...
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2014...
vendor-advisoryx_refsource_SUSE
http://www.vmware.com/security/advisories/VMSA-2014-0012....
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.