TLS False Start Vulnerability in Mozilla NSS
CVE-2013-1740
Currently unrated
What is CVE-2013-1740?
The vulnerability exists in the ssl_Do1stHandshake function within the libssl component of Mozilla's Network Security Services (NSS). When the TLS False Start feature is enabled, it exposes the system to man-in-the-middle attackers who can exploit this flaw to spoof SSL servers using arbitrary X.509 certificates during specific handshake traffic, thus compromising secure communications.