Mozilla Firefox and SeaMonkey Trust Vulnerability
CVE-2014-8642

Currently unrated

Key Information:

Vendor: Mozilla
Status: Seamonkey
Vendor: CVE Published:; 14 January 2015

Summary

Older versions of Mozilla Firefox and SeaMonkey do not properly validate the id-pkix-ocsp-nocheck extension, which can lead to an increased risk of accepting compromised and revoked certificates. This flaw allows remote attackers to intercept and sniff network traffic, potentially exposing sensitive information during sessions that incorrectly trust invalid certificates.

References

http://secunia.com/advisories/62242

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id/1031533

vdb-entryx_refsource_SECTRACK

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Jan 14, 2015
Vulnerability Reserved
Nov 6, 2014