Security bypass vulnerability in Mozilla Firefox and Firefox ESR

Описание

Lack of security enforcement was found in Mozilla Firefox. By exploiting this vulnerability malicious users can conduct man-in-the-middle attack. This vulnerability can be exploited remotely via a collision-based attacks.

---

Technical details

This vulnerability caused by not rejecting MD5 signatures in TLS 1.2 Handshake Protocol traffic.

Первичный источник обнаружения

• Mozilla advisory
  

Связанные продукты

• Mozilla-Firefox
• Mozilla-Firefox-ESR

Список CVE

• CVE-2015-7575
  warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com