Searching
..

Click anywhere to stop

KLA10732
Security bypass vulnerability in Mozilla Firefox and Firefox ESR

Updated: 01/22/2024
Detect date
?
12/22/2015
Severity
?
Warning
Description

Lack of security enforcement was found in Mozilla Firefox. By exploiting this vulnerability malicious users can conduct man-in-the-middle attack. This vulnerability can be exploited remotely via a collision-based attacks.


Technical details

This vulnerability caused by not rejecting MD5 signatures in TLS 1.2 Handshake Protocol traffic.

Affected products

Firefox versions earlier than 43.0.2
Firefox ESR versions earlier than 38.5.2

Solution

Update to the latest version
Download Firefox ESR
Download Firefox

Original advisories

Mozilla advisory

Impacts
?
OSI 
[?]

DoS 
[?]

SB 
[?]

LoI 
[?]
Related products
Mozilla Firefox
Mozilla Firefox ESR
CVE-IDS
?
CVE-2015-75754.3Warning
Find out the statistics of the vulnerabilities spreading in your region