1
PublicDateAtUSN: 2010-10-20
2
Candidate: CVE-2010-3170
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170
6
https://usn.ubuntu.com/usn/usn-1007-1
8
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before
9
3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a
10
wildcard IP address in the subject's Common Name field of an X.509
11
certificate, which might allow man-in-the-middle attackers to spoof
12
arbitrary SSL servers via a crafted certificate issued by a legitimate
13
Certification Authority.
16
jdstrand> real problem but with very unlikely circumstances
17
jdstrand> needs new NSPR
20
Discovered-by: Richard Moore
21
Assigned-to: chriscoulson
24
upstream_nss: released (3.12.8)
26
hardy_nss: released (3.12.8-0ubuntu0.8.04.1)
27
jaunty_nss: released (3.12.8-0ubuntu0.9.04.1)
28
karmic_nss: released (3.12.8-0ubuntu0.9.10.1)
29
lucid_nss: released (3.12.8-0ubuntu0.10.04.1)
30
maverick_nss: released (3.12.8-0ubuntu0.10.10.1)
31
devel_nss: released (3.12.8-0ubuntu0.10.10.1)
34
upstream_nspr: released (4.8.6)
36
hardy_nspr: not-affected
37
jaunty_nspr: not-affected
38
karmic_nspr: not-affected
39
lucid_nspr: not-affected
40
maverick_nspr: not-affected
41
devel_nspr: not-affected