vendor:
Network Security Services (NSS)
by:
SecurityFocus
7.5
CVSS
HIGH
Security Bypass
295
CWE
Product Name: Network Security Services (NSS)
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Mozilla Network Security Services (NSS) Security Bypass Vulnerability
Mozilla Network Security Services (NSS) is prone to a security-bypass vulnerability because it fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. The NSS library is used by a number of applications, including Mozilla Firefox, Thunderbird, and SeaMonkey. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
Mitigation:
Ensure that the domain name in a signed CA certificate is properly validated.