Back to search
CVE-2014-8642
Published: Jan 14, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
62242
third-party-advisory
x_refsource_SECUNIA
1031533
vdb-entry
x_refsource_SECTRACK
openSUSE-SU-2015:0192
vendor-advisory
x_refsource_SUSE
62250
third-party-advisory
x_refsource_SECUNIA
firefox-cve20148642-sec-bypass(99963)
vdb-entry
x_refsource_XF
openSUSE-SU-2015:0077
vendor-advisory
x_refsource_SUSE
62418
third-party-advisory
x_refsource_SECUNIA
62316
third-party-advisory
x_refsource_SECUNIA
GLSA-201504-01
vendor-advisory
x_refsource_GENTOO
https://bugzilla.mozilla.org/show_bug.cgi?id=1079658
x_refsource_CONFIRM
62790
third-party-advisory
x_refsource_SECUNIA
62446
third-party-advisory
x_refsource_SECUNIA
72042
vdb-entry
x_refsource_BID
62253
third-party-advisory
x_refsource_SECUNIA
http://www.mozilla.org/security/announce/2014/mfsa2015-08.html
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now