4.3

CVE-2015-2741

Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled.

Data is provided by the National Vulnerability Database (NVD)
MozillaFirefox Version <= 38.1.0
OracleSolaris Version11.3
MozillaFirefox Version31.0
MozillaFirefox Version31.1.0
MozillaFirefox Version31.1.1
MozillaFirefox Version31.3.0
MozillaFirefox Version31.5.1
MozillaFirefox Version31.5.2
MozillaFirefox Version31.5.3
MozillaFirefox Version38.0
MozillaFirefox ESR Version31.1
MozillaFirefox ESR Version31.2
MozillaFirefox ESR Version31.3
MozillaFirefox ESR Version31.4
MozillaFirefox ESR Version31.5
MozillaFirefox ESR Version31.6.0
MozillaFirefox ESR Version31.7.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.56% 0.673
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N