After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 72.0 (excluding) |
Red Hat Enterprise Linux 7 | RedHat | nspr-0:4.25.0-2.el7_9 | * |
Red Hat Enterprise Linux 7 | RedHat | nss-0:3.53.1-3.el7_9 | * |
Red Hat Enterprise Linux 7 | RedHat | nss-softokn-0:3.53.1-6.el7_9 | * |
Red Hat Enterprise Linux 7 | RedHat | nss-util-0:3.53.1-1.el7_9 | * |
Red Hat Enterprise Linux 8 | RedHat | nspr-0:4.25.0-2.el8_2 | * |
Red Hat Enterprise Linux 8 | RedHat | nss-0:3.53.1-11.el8_2 | * |
Red Hat OpenShift Do | RedHat | openshiftdo/odo-init-image-rhel7:1.1.3-2 | * |
Firefox | Ubuntu | bionic | * |
Firefox | Ubuntu | devel | * |
Firefox | Ubuntu | disco | * |
Firefox | Ubuntu | eoan | * |
Firefox | Ubuntu | focal | * |
Firefox | Ubuntu | trusty | * |
Firefox | Ubuntu | upstream | * |
Firefox | Ubuntu | xenial | * |
Nss | Ubuntu | bionic | * |
Nss | Ubuntu | disco | * |
Nss | Ubuntu | eoan | * |
Nss | Ubuntu | trusty | * |
Nss | Ubuntu | upstream | * |