CVE-2013-1740 in Mozilla Network Security Servicesinfo

Summary

The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.

Reservation

02/13/2013

Disclosure

01/18/2014

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
11992	Mozilla Network Security Services sslsecur.c ssl_Do1stHandshake cryptographic issue	310	Unproven	Official fix	CVE-2013-1740

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!