CVE-2008-2809
Published Jul 8, 2008
Last updated 6 years ago
Overview
- Description
- Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 4.9
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:N/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F3D956DC-C73B-439F-8D79-8239207CC76F"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57E2C7E7-56C0-466C-BB08-5EB43922C4F9"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "462E135A-5616-46CC-A9C0-5A7A0526ACC6"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6121F9C1-F4DF-4AAB-9E51-AC1592AA5639"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58D44634-A0B5-4F05-8983-B08D392EC742"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EB3AC3D3-FDD7-489F-BDCF-BDB55DF33A8B"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4105171B-9C90-4ABF-B220-A35E7BA9EE40"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20985549-DB24-4B69-9D40-208A47AE658E"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43A13026-416F-4308-8A1B-E989BD769E12"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "612B015E-9F96-4CE6-83E4-23848FD609E5"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E391619-0967-43E1-8CBC-4D54F72A85C2"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0544D626-E269-4677-9B05-7DAB23BD103B"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C95F7B2C-80FC-4DF2-9680-F74634DCE3E6"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "863C140E-DC15-4A88-AB8A-8AEF9F4B8164"
},
{
"criteria": "cpe:2.3:a:mozilla:geckb:*:m8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1AE6FF40-5C89-47F1-928C-7BC7DB7A57F3",
"versionEndIncluding": "1.9"
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B0E9314D-0D23-4572-9956-D2E8B53540B1",
"versionEndIncluding": "1.0.9"
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76AD0439-3BFB-4AD1-8E2C-99D0B099FA8C"
},
{
"criteria": "cpe:2.3:a:netscape:navigator:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7DE436EA-9F65-4B62-A11D-B102F5E5E9FC"
}
],
"operator": "OR"
}
]
}
]