Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation.

Affected configurations

Vulners

Node

mozillafirefoxRange<3.5.9

mozillafirefoxRange<3.6.2

mozillaseamonkeyRange<2.0.4

mozillathunderbirdRange<3.0.4

CPENameOperatorVersion
firefoxlt3.5.9
firefoxlt3.6.2
seamonkeylt2.0.4
thunderbirdlt3.0.4

Name	Operator	Version
firefox	lt	3.5.9
firefox	lt	3.6.2
seamonkey	lt	2.0.4
thunderbird	lt	3.0.4

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

bugzilla.mozilla.org/show_bug.cgi?id=545755

nessus 65

openvas 63

debian 6

fedora 10

fortinet 1

securityvulns 7

ubuntu 5

cvelist 1

veracode 1

seebug 4

cisco 2

hackerone 2

nvd 1

oraclelinux 2

centos 2

altlinux 4

slackware 1

redhat 3

suse 1

cve 1

checkpoint_advisories 3

cert 1

packetstorm 1

f5 2

openssl 1

ubuntucve 1

freebsd_advisory 1

prion 1

osv 1

exploitpack 1

debiancve 1

ibm 1

github 1

nginx 1

nessus

SuSE9 Security Update : IBM Java 1.4.2 (YOU Patch Number 12621)

2010-06-11 00:00:00

openSUSE Security Update : libopenssl-devel (libopenssl-devel-1554)

2009-11-19 00:00:00

SuSE 11 Security Update : OpenSSL (SAT Patch Number 1544)

2009-11-17 00:00:00

openvas

SLES10: Security update for OpenSSL

2009-11-17 00:00:00

Fedora Core 12 FEDORA-2009-12968 (nss-util)

2009-12-14 00:00:00

Mandriva Update for mandriva-release MDVA-2010:069 (mandriva-release)

2010-02-19 00:00:00

debian

[SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option

2011-01-05 23:21:00

[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw

2011-01-05 23:20:31

[SECURITY] [DSA-2141-4] New lighttpd packages fix regression

2011-01-12 18:51:18

fedora

[SECURITY] Fedora 12 Update: nss-util-3.12.5-1.fc12.1

2009-12-10 04:13:15

[SECURITY] Fedora 12 Update: proftpd-1.3.2c-1.fc12

2009-12-27 20:24:34

[SECURITY] Fedora 12 Update: tomcat-native-1.1.18-1.fc12

2009-12-18 04:35:37

fortinet

FortiOS SSL Deep-Inspection possible Insecure Renegotiation

2017-11-03 00:00:00

securityvulns

[ MDVSA-2009:295 ] apache

2009-11-09 00:00:00

SSL data injection

2010-02-10 00:00:00

[ MDVSA-2009:337 ] proftpd

2009-12-22 00:00:00

ubuntu

NSS vulnerability

2010-07-23 00:00:00

nss vulnerability

2010-06-29 00:00:00

NSS vulnerability

2010-04-09 00:00:00

cvelist

CVE-2009-3555

2009-11-09 17:00:00

veracode

Man-in-the-Middle (MitM)

2020-04-10 00:36:56

seebug

Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability

2009-11-10 00:00:00

TLS Renegotiation Vulnerability PoC Exploit

2009-12-21 00:00:00

ProFTPD TLS会话重协商明文数据注入漏洞

2009-12-15 00:00:00

cisco

Transport Layer Security Renegotiation Vulnerability

2009-11-09 13:00:00

Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability

2009-11-05 19:53:52

hackerone

Slack: TLS1/SSLv3 Renegotiation Vulnerability

2014-04-02 13:01:00

LocalTapiola: Secure Client-Initiated Renegotiation

2017-12-27 15:57:52

nvd

CVE-2009-3555

2009-11-09 17:30:00

oraclelinux

openssl097a security update

2010-03-25 00:00:00

nss security update

2010-03-25 00:00:00

centos

openssl097a security update

2010-03-27 17:44:36

nspr, nss security update

2010-03-28 15:36:50

altlinux

Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8l-alt1

2009-11-07 00:00:00

Security fix for the ALT Linux 8 package openssl10 version 0.9.8l-alt1

2009-11-07 00:00:00

Security fix for the ALT Linux 6 package openssl10 version 0.9.8l-alt1

2009-11-07 00:00:00

slackware

openssl

2009-11-16 13:42:36

redhat

(RHSA-2010:0164) Moderate: openssl097a security update

2010-03-25 00:00:00

(RHSA-2010:0155) Moderate: java-1.4.2-ibm security and bug fix update

2010-03-17 00:00:00

(RHSA-2010:0165) Moderate: nss security update

2010-03-25 00:00:00

suse

man-in-the-middle attack in openssl

2009-11-18 09:50:39

cve

CVE-2009-3555

2009-11-09 17:30:00

checkpoint_advisories

TLS Renegotiation (CVE-2009-3555)

2009-11-22 00:00:00

TLS Client Initiated Renegotiation (CVE-2009-3555)

2009-11-23 00:00:00

Preemptive Protection against TLS and SSL Spoofing Vulnerability

2010-02-09 00:00:00

cert

SSL and TLS protocols renegotiation vulnerability

2009-11-11 00:00:00

packetstorm

TLS Renegotiation Exploit

2009-12-21 00:00:00

K10737 : SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541

2013-07-05 00:00:00

SOL10737 - SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541

2009-11-05 00:00:00

openssl

Vulnerability in OpenSSL CVE-2009-3555

2009-11-05 00:00:00

ubuntucve

CVE-2009-3555

2009-11-09 00:00:00

freebsd_advisory

FreeBSD-SA-09:15.ssl

2009-12-03 00:00:00

prion

Cross site request forgery (csrf)

2009-11-09 17:30:00

osv

Apache Tomcat affected by vulnerability in TLS and SSL protocol

2022-05-02 03:46:22

exploitpack

TLS - Renegotiation

2009-12-21 00:00:00

debiancve

CVE-2009-3555

2009-11-09 17:30:00

ibm

Security Bulletin: Multiple vulnerabilities have been identified in IBM Tivoli Netcool/OMNIbus Probe for Network Node Manager i (CVE-2009-3555)

2020-06-23 08:41:14

github

Apache Tomcat affected by vulnerability in TLS and SSL protocol

2022-05-02 03:46:22

nginx

The renegotiation vulnerability in SSL protocol

2009-11-09 17:30:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.003 Low

EPSS

Percentile

69.4%

JSON

Related for MFSA2010-22