TLS False Start Vulnerability in Mozilla NSS
CVE-2013-1740

Currently unrated

Key Information:

Vendor

Mozilla

Vendor
CVE Published:
18 January 2014

What is CVE-2013-1740?

The vulnerability exists in the ssl_Do1stHandshake function within the libssl component of Mozilla's Network Security Services (NSS). When the TLS False Start feature is enabled, it exposes the system to man-in-the-middle attackers who can exploit this flaw to spoof SSL servers using arbitrary X.509 certificates during specific handshake traffic, thus compromising secure communications.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2013-1740 : TLS False Start Vulnerability in Mozilla NSS