CVE-2009-2408

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
References
Link Resource
http://isc.sans.org/diary.html?storyid=7003 Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html Mailing List
http://marc.info/?l=oss-security&m=125198917018936&w=2 Mailing List
http://osvdb.org/56723 Broken Link
http://secunia.com/advisories/36088 Broken Link Vendor Advisory
http://secunia.com/advisories/36125 Broken Link Vendor Advisory
http://secunia.com/advisories/36139 Broken Link Vendor Advisory
http://secunia.com/advisories/36157 Broken Link Vendor Advisory
http://secunia.com/advisories/36434 Broken Link Vendor Advisory
http://secunia.com/advisories/36669 Broken Link
http://secunia.com/advisories/37098 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 Broken Link
http://www.debian.org/security/2009/dsa-1874 Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:217 Broken Link
http://www.mozilla.org/security/announce/2009/mfsa2009-42.html Vendor Advisory
http://www.novell.com/linux/security/advisories/2009_48_firefox.html Broken Link
http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h Broken Link
http://www.redhat.com/support/errata/RHSA-2009-1207.html Broken Link
http://www.redhat.com/support/errata/RHSA-2009-1432.html Broken Link
http://www.securitytracker.com/id?1022632 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-810-1 Third Party Advisory
http://www.vupen.com/english/advisories/2009/2085 Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2009/3184 Broken Link
http://www.wired.com/threatlevel/2009/07/kaminsky/ Press/Media Coverage
https://bugzilla.redhat.com/show_bug.cgi?id=510251 Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458 Broken Link
https://usn.ubuntu.com/810-2/ Broken Link
http://isc.sans.org/diary.html?storyid=7003 Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html Mailing List
http://marc.info/?l=oss-security&m=125198917018936&w=2 Mailing List
http://osvdb.org/56723 Broken Link
http://secunia.com/advisories/36088 Broken Link Vendor Advisory
http://secunia.com/advisories/36125 Broken Link Vendor Advisory
http://secunia.com/advisories/36139 Broken Link Vendor Advisory
http://secunia.com/advisories/36157 Broken Link Vendor Advisory
http://secunia.com/advisories/36434 Broken Link Vendor Advisory
http://secunia.com/advisories/36669 Broken Link
http://secunia.com/advisories/37098 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 Broken Link
http://www.debian.org/security/2009/dsa-1874 Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:217 Broken Link
http://www.mozilla.org/security/announce/2009/mfsa2009-42.html Vendor Advisory
http://www.novell.com/linux/security/advisories/2009_48_firefox.html Broken Link
http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h Broken Link
http://www.redhat.com/support/errata/RHSA-2009-1207.html Broken Link
http://www.redhat.com/support/errata/RHSA-2009-1432.html Broken Link
http://www.securitytracker.com/id?1022632 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-810-1 Third Party Advisory
http://www.vupen.com/english/advisories/2009/2085 Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2009/3184 Broken Link
http://www.wired.com/threatlevel/2009/07/kaminsky/ Press/Media Coverage
https://bugzilla.redhat.com/show_bug.cgi?id=510251 Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458 Broken Link
https://usn.ubuntu.com/810-2/ Broken Link
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:10.0:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*

History

21 Nov 2024, 01:04

Type Values Removed Values Added
References () http://isc.sans.org/diary.html?storyid=7003 - Broken Link () http://isc.sans.org/diary.html?storyid=7003 - Broken Link
References () http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html - Mailing List () http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html - Mailing List
References () http://marc.info/?l=oss-security&m=125198917018936&w=2 - Mailing List () http://marc.info/?l=oss-security&m=125198917018936&w=2 - Mailing List
References () http://osvdb.org/56723 - Broken Link () http://osvdb.org/56723 - Broken Link
References () http://secunia.com/advisories/36088 - Broken Link, Vendor Advisory () http://secunia.com/advisories/36088 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/36125 - Broken Link, Vendor Advisory () http://secunia.com/advisories/36125 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/36139 - Broken Link, Vendor Advisory () http://secunia.com/advisories/36139 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/36157 - Broken Link, Vendor Advisory () http://secunia.com/advisories/36157 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/36434 - Broken Link, Vendor Advisory () http://secunia.com/advisories/36434 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/36669 - Broken Link () http://secunia.com/advisories/36669 - Broken Link
References () http://secunia.com/advisories/37098 - Broken Link () http://secunia.com/advisories/37098 - Broken Link
References () http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 - Broken Link () http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 - Broken Link
References () http://www.debian.org/security/2009/dsa-1874 - Mailing List () http://www.debian.org/security/2009/dsa-1874 - Mailing List
References () http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDVSA-2009:217 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2009:217 - Broken Link
References () http://www.mozilla.org/security/announce/2009/mfsa2009-42.html - Vendor Advisory () http://www.mozilla.org/security/announce/2009/mfsa2009-42.html - Vendor Advisory
References () http://www.novell.com/linux/security/advisories/2009_48_firefox.html - Broken Link () http://www.novell.com/linux/security/advisories/2009_48_firefox.html - Broken Link
References () http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h - Broken Link () http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2009-1207.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2009-1207.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2009-1432.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2009-1432.html - Broken Link
References () http://www.securitytracker.com/id?1022632 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1022632 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/usn-810-1 - Third Party Advisory () http://www.ubuntu.com/usn/usn-810-1 - Third Party Advisory
References () http://www.vupen.com/english/advisories/2009/2085 - Broken Link, Vendor Advisory () http://www.vupen.com/english/advisories/2009/2085 - Broken Link, Vendor Advisory
References () http://www.vupen.com/english/advisories/2009/3184 - Broken Link () http://www.vupen.com/english/advisories/2009/3184 - Broken Link
References () http://www.wired.com/threatlevel/2009/07/kaminsky/ - Press/Media Coverage () http://www.wired.com/threatlevel/2009/07/kaminsky/ - Press/Media Coverage
References () https://bugzilla.redhat.com/show_bug.cgi?id=510251 - Issue Tracking () https://bugzilla.redhat.com/show_bug.cgi?id=510251 - Issue Tracking
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751 - Broken Link
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458 - Broken Link
References () https://usn.ubuntu.com/810-2/ - Broken Link () https://usn.ubuntu.com/810-2/ - Broken Link

14 Feb 2024, 17:21

Type Values Removed Values Added
CWE CWE-20 CWE-295
CVSS v2 : 6.8
v3 : unknown
v2 : 6.8
v3 : 5.9
CPE cpe:2.3:a:mozilla:firefox:2.0.0.21:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:nss:3.11.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:nss:3.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.1:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9_rc:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:nss:3.11.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:nss:3.11.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.2:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.21:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0beta5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:nss:3.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:nss:3.11.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:nss:3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.2:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.20:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise:10.0:-:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*
First Time Canonical
Canonical ubuntu Linux
Debian debian Linux
Suse
Suse linux Enterprise
Debian
Opensuse opensuse
Suse linux Enterprise Server
Opensuse
Mozilla network Security Services
References (MLIST) http://marc.info/?l=oss-security&m=125198917018936&w=2 - (MLIST) http://marc.info/?l=oss-security&m=125198917018936&w=2 - Mailing List
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 - Broken Link
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751 - Broken Link
References (VUPEN) http://www.vupen.com/english/advisories/2009/2085 - Vendor Advisory (VUPEN) http://www.vupen.com/english/advisories/2009/2085 - Broken Link, Vendor Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html - Mailing List
References (SECUNIA) http://secunia.com/advisories/37098 - (SECUNIA) http://secunia.com/advisories/37098 - Broken Link
References (UBUNTU) https://usn.ubuntu.com/810-2/ - (UBUNTU) https://usn.ubuntu.com/810-2/ - Broken Link
References (SECUNIA) http://secunia.com/advisories/36088 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/36088 - Broken Link, Vendor Advisory
References (MISC) http://www.wired.com/threatlevel/2009/07/kaminsky/ - (MISC) http://www.wired.com/threatlevel/2009/07/kaminsky/ - Press/Media Coverage
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:217 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:217 - Broken Link
References (OSVDB) http://osvdb.org/56723 - (OSVDB) http://osvdb.org/56723 - Broken Link
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=510251 - (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=510251 - Issue Tracking
References (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 - (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 - Broken Link
References (SECUNIA) http://secunia.com/advisories/36669 - (SECUNIA) http://secunia.com/advisories/36669 - Broken Link
References (SECUNIA) http://secunia.com/advisories/36125 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/36125 - Broken Link, Vendor Advisory
References (VUPEN) http://www.vupen.com/english/advisories/2009/3184 - (VUPEN) http://www.vupen.com/english/advisories/2009/3184 - Broken Link
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458 - Broken Link
References (DEBIAN) http://www.debian.org/security/2009/dsa-1874 - (DEBIAN) http://www.debian.org/security/2009/dsa-1874 - Mailing List
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 - Broken Link
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2009-1207.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2009-1207.html - Broken Link
References (UBUNTU) http://www.ubuntu.com/usn/usn-810-1 - (UBUNTU) http://www.ubuntu.com/usn/usn-810-1 - Third Party Advisory
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2009-1432.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2009-1432.html - Broken Link
References (SECUNIA) http://secunia.com/advisories/36434 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/36434 - Broken Link, Vendor Advisory
References (SECTRACK) http://www.securitytracker.com/id?1022632 - (SECTRACK) http://www.securitytracker.com/id?1022632 - Broken Link, Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/36139 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/36139 - Broken Link, Vendor Advisory
References (SUSE) http://www.novell.com/linux/security/advisories/2009_48_firefox.html - (SUSE) http://www.novell.com/linux/security/advisories/2009_48_firefox.html - Broken Link
References (CONFIRM) http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h - (CONFIRM) http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h - Broken Link
References (MISC) http://isc.sans.org/diary.html?storyid=7003 - (MISC) http://isc.sans.org/diary.html?storyid=7003 - Broken Link
References (SECUNIA) http://secunia.com/advisories/36157 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/36157 - Broken Link, Vendor Advisory

Information

Published : 2009-07-30 19:30

Updated : 2024-11-21 01:04


NVD link : CVE-2009-2408

Mitre link : CVE-2009-2408

CVE.ORG link : CVE-2009-2408


JSON object : View

Products Affected

mozilla

  • firefox
  • thunderbird
  • network_security_services
  • seamonkey

opensuse

  • opensuse

suse

  • linux_enterprise_server
  • linux_enterprise

canonical

  • ubuntu_linux

debian

  • debian_linux
CWE
CWE-295

Improper Certificate Validation