CVE Vulnerabilities

CVE-2010-3173

Published: Oct 21, 2010 | Modified: Sep 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla 3.6.2 3.6.2
Firefox Mozilla 3.6.3 3.6.3
Firefox Mozilla 3.6.8 3.6.8
Firefox Mozilla 3.6.9 3.6.9
Firefox Mozilla 3.6.6 3.6.6
Firefox Mozilla 3.6.10 3.6.10
Firefox Mozilla 3.6.7 3.6.7
Firefox Mozilla 3.6.4 3.6.4
Firefox Mozilla 3.6 3.6

References