KLA10732
Security bypass vulnerability in Mozilla Firefox and Firefox ESR
Updated: 05/04/2018
CVSS: 4.3
Detect date: 12/22/2015
Severity: Warning
Description

A lack of security enforcement was found in Mozilla Firefox. By exploiting this vulnerability, malicious users can conduct a man-in-the-middle attack. This vulnerability can be exploited remotely via collision-based attacks.


Technical details

This vulnerability is caused by not rejecting MD5 signatures in TLS 1.2 Handshake Protocol traffic.
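
The check that was missing, shown as an added example that is not code from Mozilla or from this advisory: it reads the SignatureAndHashAlgorithm pair in front of a TLS 1.2 handshake signature (here in an ECDHE ServerKeyExchange body, one handshake message that carries such a signature) and rejects MD5. The code points are those of RFC 5246; the function names, the rejection policy and the sample message bodies are assumptions constructed for the example.

```python
import struct

# HashAlgorithm / SignatureAlgorithm code points, RFC 5246 section 7.4.1.4.1
HASHES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIGS = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
REJECTED_HASHES = {"none", "md5"}  # policy assumed for this example


class WeakSignatureHash(ValueError):
    """The peer signed a handshake message with a hash the policy rejects."""


def parse_ecdhe_ske_signature(body: bytes):
    """Return (hash, sig, signature) from a TLS 1.2 ECDHE ServerKeyExchange body."""
    if len(body) < 4 or body[0] != 3:           # curve_type 3 = named_curve
        raise ValueError("not a named_curve ECDHE ServerKeyExchange")
    off = 4 + body[3]                           # skip curve id and the EC point
    if len(body) < off + 4:
        raise ValueError("truncated before digitally-signed struct")
    hash_id, sig_id, sig_len = struct.unpack_from("!BBH", body, off)
    signature = body[off + 4: off + 4 + sig_len]
    if len(signature) != sig_len:
        raise ValueError("truncated signature")
    return HASHES.get(hash_id, f"unknown({hash_id})"), SIGS.get(sig_id, f"unknown({sig_id})"), signature


def check_ske(body: bytes, offered: set):
    """Accept the pair only if it is not MD5 and the client actually offered it."""
    h, s, _ = parse_ecdhe_ske_signature(body)
    if h in REJECTED_HASHES:                    # refuse even if it was somehow offered
        raise WeakSignatureHash(f"handshake signed with {h}/{s}")
    if (h, s) not in offered:
        raise ValueError(f"{h}/{s} was not in the client's signature_algorithms")
    return h, s


# Constructed sample body: secp256r1 (0x0017), dummy 65-byte point, dummy 8-byte signature.
def make_sample(hash_id: int, sig_id: int) -> bytes:
    point = b"\x04" + b"\x11" * 64
    return b"\x03\x00\x17" + bytes([len(point)]) + point + bytes([hash_id, sig_id]) + b"\x00\x08" + b"\xaa" * 8


OFFERED = {("sha256", "rsa"), ("sha384", "rsa"), ("sha256", "ecdsa")}
SKE_SHA256_RSA = make_sample(4, 1)
SKE_MD5_RSA = make_sample(1, 1)
```

The MD5 check runs before the offered-list check, so a signature made with MD5 is refused even when the offered list is misconfigured to include it.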

Affected products

Firefox versions earlier than 43.0.2
Firefox ESR versions earlier than 38.5.2

Solution

Update to the latest version
Download Firefox ESR
Download Firefox

Original advisories

Mozilla advisory

Impacts

SB

Related products
Mozilla Firefox ESR
Mozilla Firefox
CVE-IDS

CVE-2015-7575