CVE Vulnerabilities

CVE-2014-1584

Published: Oct 15, 2014 | Modified: Dec 22, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla * 32.0
Firefox Mozilla 31.0 31.0
Firefox Mozilla 30.0 30.0
Firefox Mozilla 31.1.0 31.1.0

References