5.9

CVE-2013-6673

Exploit
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FedoraprojectFedora Version18
FedoraprojectFedora Version19
FedoraprojectFedora Version20
MozillaFirefox Version < 26.0
MozillaFirefox Version >= 24.0 < 24.2
MozillaSeamonkey Version < 2.23
MozillaThunderbird Version < 24.2
OpensuseOpensuse Version12.2
OpensuseOpensuse Version12.3
OpensuseOpensuse Version13.1
SuseLinux Enterprise Desktop Version11 Updatesp3
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatform-
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatformvmware
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.04
CanonicalUbuntu Linux Version13.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.55% 0.667
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.securitytracker.com/id/1029470
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1029476
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/64213
Third Party Advisory
VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=917380
Vendor Advisory
Exploit
Issue Tracking