CVE-2013-1740

The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.

Published : 2014-01-18 22:55 Updated : 2018-10-09 19:33

5.8
CVSS Score More info
Score 5.8 / 10
5.8
Vendor Product Version URI
Mozilla Network Security Services 3.12.11 cpe:/a:mozilla:network_security_services:3.12.11
Mozilla Network Security Services 3.14 cpe:/a:mozilla:network_security_services:3.14
Mozilla Network Security Services 3.15 cpe:/a:mozilla:network_security_services:3.15
Mozilla Network Security Services 3.12 cpe:/a:mozilla:network_security_services:3.12
Mozilla Network Security Services 3.2 cpe:/a:mozilla:network_security_services:3.2
Mozilla Network Security Services 3.3 cpe:/a:mozilla:network_security_services:3.3
Mozilla Network Security Services 3.12.10 cpe:/a:mozilla:network_security_services:3.12.10
Mozilla Network Security Services 3.6 cpe:/a:mozilla:network_security_services:3.6
Mozilla Network Security Services 3.4 cpe:/a:mozilla:network_security_services:3.4
Mozilla Network Security Services 3.6.1 cpe:/a:mozilla:network_security_services:3.6.1
Mozilla Network Security Services 3.7.1 cpe:/a:mozilla:network_security_services:3.7.1
Mozilla Network Security Services 3.3.2 cpe:/a:mozilla:network_security_services:3.3.2
Mozilla Network Security Services 3.4.1 cpe:/a:mozilla:network_security_services:3.4.1
Mozilla Network Security Services 3.4.2 cpe:/a:mozilla:network_security_services:3.4.2
Mozilla Network Security Services 3.2.1 cpe:/a:mozilla:network_security_services:3.2.1
Mozilla Network Security Services 3.11.2 cpe:/a:mozilla:network_security_services:3.11.2
Mozilla Network Security Services 3.12.1 cpe:/a:mozilla:network_security_services:3.12.1
Mozilla Network Security Services 3.3.1 cpe:/a:mozilla:network_security_services:3.3.1
Mozilla Network Security Services 3.12.7 cpe:/a:mozilla:network_security_services:3.12.7
Mozilla Network Security Services 3.14.5 cpe:/a:mozilla:network_security_services:3.14.5
Mozilla Network Security Services 3.7 cpe:/a:mozilla:network_security_services:3.7
Mozilla Network Security Services 3.7.5 cpe:/a:mozilla:network_security_services:3.7.5
Mozilla Network Security Services 3.11.5 cpe:/a:mozilla:network_security_services:3.11.5
Mozilla Network Security Services 3.12.4 cpe:/a:mozilla:network_security_services:3.12.4
Mozilla Network Security Services 3.14.2 cpe:/a:mozilla:network_security_services:3.14.2
Mozilla Network Security Services 3.15.1 cpe:/a:mozilla:network_security_services:3.15.1
Mozilla Network Security Services 3.7.2 cpe:/a:mozilla:network_security_services:3.7.2
Mozilla Network Security Services 3.12.9 cpe:/a:mozilla:network_security_services:3.12.9
Mozilla Network Security Services 3.5 cpe:/a:mozilla:network_security_services:3.5
Mozilla Network Security Services 3.7.3 cpe:/a:mozilla:network_security_services:3.7.3
Mozilla Network Security Services 3.12.6 cpe:/a:mozilla:network_security_services:3.12.6
Mozilla Network Security Services 3.14.4 cpe:/a:mozilla:network_security_services:3.14.4
Mozilla Network Security Services 3.15.3 cpe:/a:mozilla:network_security_services:3.15.3
Mozilla Network Security Services 3.8 cpe:/a:mozilla:network_security_services:3.8
Mozilla Network Security Services 3.12.8 cpe:/a:mozilla:network_security_services:3.12.8
Mozilla Network Security Services 3.9 cpe:/a:mozilla:network_security_services:3.9
Mozilla Network Security Services 3.12.3.2 cpe:/a:mozilla:network_security_services:3.12.3.2
Mozilla Network Security Services 3.12.3.1 cpe:/a:mozilla:network_security_services:3.12.3.1
Mozilla Network Security Services 3.11.4 cpe:/a:mozilla:network_security_services:3.11.4
Mozilla Network Security Services 3.12.3 cpe:/a:mozilla:network_security_services:3.12.3
Mozilla Network Security Services 3.14.1 cpe:/a:mozilla:network_security_services:3.14.1
Mozilla Network Security Services 3.12.5 cpe:/a:mozilla:network_security_services:3.12.5
Mozilla Network Security Services 3.14.3 cpe:/a:mozilla:network_security_services:3.14.3
Mozilla Network Security Services 3.15.2 cpe:/a:mozilla:network_security_services:3.15.2
Mozilla Network Security Services 3.7.7 cpe:/a:mozilla:network_security_services:3.7.7
Mozilla Network Security Services 3.11.3 cpe:/a:mozilla:network_security_services:3.11.3
Mozilla Network Security Services 3.12.2 cpe:/a:mozilla:network_security_services:3.12.2
  1. Mozilla (1) Search CVE
    1. Network Security Services (47) Search CVE
      1. 3.12.11
      2. 3.14
      3. 3.15
      4. 3.12
      5. 3.2
      6. 3.3
      7. 3.12.10
      8. 3.6
      9. 3.4
      10. 3.6.1
      11. 3.7.1
      12. 3.3.2
      13. 3.4.1
      14. 3.4.2
      15. 3.2.1
      16. 3.11.2
      17. 3.12.1
      18. 3.3.1
      19. 3.12.7
      20. 3.14.5
      21. 3.7
      22. 3.7.5
      23. 3.11.5
      24. 3.12.4
      25. 3.14.2
      26. 3.15.1
      27. 3.7.2
      28. 3.12.9
      29. 3.5
      30. 3.7.3
      31. 3.12.6
      32. 3.14.4
      33. 3.15.3
      34. 3.8
      35. 3.12.8
      36. 3.9
      37. 3.12.3.2
      38. 3.12.3.1
      39. 3.11.4
      40. 3.12.3
      41. 3.14.1
      42. 3.12.5
      43. 3.14.3
      44. 3.15.2
      45. 3.7.7
      46. 3.11.3
      47. 3.12.2

CWE

ID Name Description Links
CWE-310 Cryptographic Issues Weaknesses in this category are related to the use of cryptography. CVE