KLA10732
Security bypass vulnerability in Mozilla Firefox and Firefox ESR
Обновлено: 17/06/2019
Дата обнаружения
22/12/2015
Уровень угрозы
Warning
Описание

Lack of security enforcement was found in Mozilla Firefox. By exploiting this vulnerability malicious users can conduct man-in-the-middle attack. This vulnerability can be exploited remotely via a collision-based attacks.


Technical details

This vulnerability caused by not rejecting MD5 signatures in TLS 1.2 Handshake Protocol traffic.

Пораженные продукты

Firefox versions earlier than 43.0.2
Firefox ESR versions earlier than 38.5.2

Решение

Update to the latest version
Download Firefox ESR
Download Firefox

Первичный источник обнаружения
Mozilla advisory
Оказываемое влияние
?
OSI 
[?]

DoS 
[?]

SB 
[?]

LoI 
[?]
Связанные продукты
Mozilla Firefox
Mozilla Firefox ESR
CVE-IDS
CVE-2015-75754.3Warning