5.9
CVE-2013-6673
- EPSS 0.55%
- Veröffentlicht 11.12.2013 15:55:13
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle security@mozilla.org
- Teams Watchlist Login
- Unerledigt Login
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version18
Fedoraproject ≫ Fedora Version19
Fedoraproject ≫ Fedora Version20
Mozilla ≫ Firefox ESR Version >= 24.0 < 24.2
Mozilla ≫ Thunderbird Version < 24.2
Suse ≫ Suse Linux Enterprise Software Development Kit Version11.0 Updatesp3
Suse ≫ Linux Enterprise Desktop Version11 Updatesp3
Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatform-
Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatformvmware
Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version12.10
Canonical ≫ Ubuntu Linux Version13.04
Canonical ≫ Ubuntu Linux Version13.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.55% | 0.667 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|