CVE Vulnerabilities

CVE-2013-0776

Improper Certificate Validation

Published: Feb 19, 2013 | Modified: Aug 06, 2020
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:H/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name Vendor Start Version End Version
Thunderbird_esr Mozilla * *
Thunderbird Mozilla * *
Seamonkey Mozilla * *
Firefox_esr Mozilla * *
Firefox Mozilla * *

Potential Mitigations

References