Ubuntu.comUB:CVE-2014-1584CVE-2014-1584
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
71.9%
The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0
skips pinning checks upon an unspecified issuer-verification error, which
makes it easier for remote attackers to bypass an intended pinning
configuration and spoof a web site via a crafted certificate that leads to
presentation of the Untrusted Connection dialog to the user.
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
71.9%