Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:17820
HistoryMay 02, 2019 - 6:02 a.m.

Certificate Validation Bypas

2019-05-0206:02:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5

0.006 Low

EPSS

Percentile

77.7%

JSON

Mozilla Firefox is vulnerable to certificate validation bypass. An attacker could first obtain a valid signature for a fraudulent addon, which can be done without review, then hijack the call between the user and AMO to replace the response from /update/VersionCheck.php with the IDs of the fraudulent addon resulting in man-in-the middle attacks.

Related

ubuntucve 1
nvd 1
redhatcve 1
prion 1
debiancve 1
cve 1
cvelist 1
ibm 2
nessus 19
redhat 1
centos 1
openvas 20
debian 2
oraclelinux 1
osv 1
mageia 2
suse 5
mozilla 2
archlinux 1
ubuntu 1
kaspersky 1
freebsd 1
gentoo 1
ubuntucve
ubuntucve
CVE-2016-9064
2016-11-16 00:00:00
nvd
nvd
CVE-2016-9064
2018-06-11 21:29:01
redhatcve
redhatcve
CVE-2016-9064
2016-11-16 03:47:49
prion
prion
Code injection
2018-06-11 21:29:00
debiancve
debiancve
CVE-2016-9064
2018-06-11 21:29:01
cve
cve
CVE-2016-9064
2018-06-11 21:29:01
cvelist
cvelist
CVE-2016-9064
2018-06-11 21:00:00
ibm
ibm
Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS
2018-06-18 00:33:15
Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified.
2018-06-18 00:32:14
nessus
nessus
EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1085)
2017-05-01 00:00:00
Debian DLA-730-1 : firefox-esr security update
2016-12-02 00:00:00
Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-2780)
2016-11-17 00:00:00
redhat
redhat
(RHSA-2016:2780) Critical: firefox security update
2016-11-16 00:00:00
centos
centos
firefox security update
2016-11-19 11:43:55
openvas
openvas
RedHat Update for firefox RHSA-2016:2780-01
2016-11-17 00:00:00
CentOS Update for firefox CESA-2016:2780 centos6
2016-11-20 00:00:00
Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2016-1085)
2020-01-23 00:00:00
debian
debian
[SECURITY] [DLA 730-1] firefox-esr security update
2016-12-01 21:45:13
[SECURITY] [DSA 3716-1] firefox-esr security update
2016-11-16 21:27:57
oraclelinux
oraclelinux
firefox security update
2016-11-16 00:00:00
osv
osv
firefox-esr - security update
2016-12-01 00:00:00
mageia
mageia
Updated nss and firefox packages fix security vulnerabilities
2016-11-17 17:10:52
Updated iceape packages fix security vulnerabilities
2017-09-02 00:10:29
suse
suse
Security update for MozillaFirefox, mozilla-nss (important)
2016-12-05 21:07:10
Security update for MozillaFirefox, mozilla-nss (important)
2016-12-10 23:09:49
Security update for MozillaFirefox, mozilla-nss (important)
2016-12-13 13:07:50
mozilla
mozilla
Security vulnerabilities fixed in Firefox ESR 45.5 — Mozilla
2016-11-15 00:00:00
Security vulnerabilities fixed in Firefox 50 — Mozilla
2016-11-15 00:00:00
archlinux
archlinux
[ASA-201611-16] firefox: multiple issues
2016-11-16 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2016-11-19 00:00:00
kaspersky
kaspersky
KLA11272 Multiple vulnerabilities in Mozilla Firefox
2016-11-15 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2016-11-15 00:00:00
gentoo
gentoo
Mozilla Firefox, Thunderbird: Multiple vulnerabilities
2017-01-03 00:00:00

0.006 Low

EPSS

Percentile

77.7%

JSON
Related for VERACODE:17820
ubuntucve1nvd1redhatcve1prion1debiancve1cve1cvelist1ibm2nessus19redhat1centos1openvas20debian2oraclelinux1osv1mageia2suse5mozilla2archlinux1ubuntu1kaspersky1freebsd1gentoo1