CVE-2010-3170

MEDIUM

Description

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

ID	Name	Product	Family	Severity
89681	VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check)	Nessus	Misc.	critical
75733	openSUSE Security Update : seamonkey (seamonkey-3372)	Nessus	SuSE Local Security Checks	high
75671	openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421)	Nessus	SuSE Local Security Checks	high
75660	openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378)	Nessus	SuSE Local Security Checks	high
75648	openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)	Nessus	SuSE Local Security Checks	high
75574	openSUSE Security Update : libfreebl3 (openSUSE-SU-2010:0904-1)	Nessus	SuSE Local Security Checks	medium
68139	Oracle Linux 6 : nss (ELSA-2010-0862)	Nessus	Oracle Linux Local Security Checks	medium
68121	Oracle Linux 4 / 5 : firefox (ELSA-2010-0782)	Nessus	Oracle Linux Local Security Checks	high
68120	Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0781)	Nessus	Oracle Linux Local Security Checks	high
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
60895	Scientific Linux Security Update : nss on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
60872	Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
60870	Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
56665	VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX	Nessus	VMware ESX Local Security Checks	critical
50952	SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)	Nessus	SuSE Local Security Checks	high
50951	SuSE 11 / 11.1 Security Update : Mozilla (SAT Patch Numbers 3417 / 3419)	Nessus	SuSE Local Security Checks	high
50931	SuSE 11 / 11.1 Security Update : Mozilla (SAT Patch Numbers 3339 / 3340)	Nessus	SuSE Local Security Checks	medium
50876	SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 3455 / 3456)	Nessus	SuSE Local Security Checks	high
50793	CentOS 4 / 5 : firefox (CESA-2010:0782)	Nessus	CentOS Local Security Checks	high
50792	CentOS 3 / 4 : seamonkey (CESA-2010:0781)	Nessus	CentOS Local Security Checks	high
50634	RHEL 6 : nss (RHSA-2010:0862)	Nessus	Red Hat Local Security Checks	medium
50489	SuSE 10 Security Update : Mozilla (ZYPP Patch Number 7196)	Nessus	SuSE Local Security Checks	medium
50488	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7208)	Nessus	SuSE Local Security Checks	high
50477	Fedora 12 : nss-3.12.8-2.fc12 / nss-softokn-3.12.8-1.fc12 / nss-util-3.12.8-1.fc12 (2010-15989)	Nessus	Fedora Local Security Checks	medium
50466	openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421)	Nessus	SuSE Local Security Checks	high
50464	openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)	Nessus	SuSE Local Security Checks	high
50462	openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421)	Nessus	SuSE Local Security Checks	high
50460	openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)	Nessus	SuSE Local Security Checks	high
50452	Debian DSA-2123-1 : nss - several vulnerabilities	Nessus	Debian Local Security Checks	high
50391	Fedora 14 : nss-3.12.8-2.fc14 / nss-softokn-3.12.8-1.fc14 / nss-util-3.12.8-1.fc14 (2010-15897)	Nessus	Fedora Local Security Checks	medium
50376	openSUSE Security Update : seamonkey (seamonkey-3372)	Nessus	SuSE Local Security Checks	high
50374	openSUSE Security Update : libfreebl3 (openSUSE-SU-2010:0904-1)	Nessus	SuSE Local Security Checks	medium
50372	openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378)	Nessus	SuSE Local Security Checks	high
50371	openSUSE Security Update : seamonkey (seamonkey-3372)	Nessus	SuSE Local Security Checks	high
50368	openSUSE Security Update : libfreebl3 (openSUSE-SU-2010:0904-1)	Nessus	SuSE Local Security Checks	medium
50366	openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378)	Nessus	SuSE Local Security Checks	high
50354	Fedora 13 : nss-3.12.8-2.fc13 / nss-softokn-3.12.8-1.fc13 / nss-util-3.12.8-1.fc13 (2010-15520)	Nessus	Fedora Local Security Checks	medium
50314	Mandriva Linux Security Advisory : firefox (MDVSA-2010:210)	Nessus	Mandriva Local Security Checks	high
50088	SeaMonkey < 2.0.9 Multiple Vulnerabilities	Nessus	Windows	high
50087	Mozilla Thunderbird 3.1 < 3.1.5 Multiple Vulnerabilities	Nessus	Windows	high
50086	Mozilla Thunderbird < 3.0.9 Multiple Vulnerabilities	Nessus	Windows	high
50085	Firefox 3.6 < 3.6.11 Multiple Vulnerabilities	Nessus	Windows	high
50084	Firefox < 3.5.14 Multiple Vulnerabilities	Nessus	Windows	high
50081	Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : nss vulnerabilities (USN-1007-1)	Nessus	Ubuntu Local Security Checks	high
50074	FreeBSD : mozilla -- multiple vulnerabilities (c4f067b9-dc4a-11df-8e32-000f20797ede)	Nessus	FreeBSD Local Security Checks	high
801368	Mozilla Firefox 3.5.x < 3.5.14 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801332	Mozilla Thunderbird 3.0.x < 3.0.9 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
801331	Mozilla Thunderbird 3.1.x < 3.1.5 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
801306	Mozilla Firefox 3.6.x < 3.6.11 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801286	Mozilla SeaMonkey 2.0.x < 2.0.9 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
50040	RHEL 4 / 5 : firefox (RHSA-2010:0782)	Nessus	Red Hat Local Security Checks	high
50039	RHEL 3 / 4 : seamonkey (RHSA-2010:0781)	Nessus	Red Hat Local Security Checks	high
5685	SeaMonkey 2.0.x < 2.0.9 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
5684	Mozilla Thunderbird 3.1.x < 3.1.5 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	medium
5683	Mozilla Thunderbird 3.0.x < 3.0.9 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	medium
5682	Mozilla Firefox 3.6.x < 3.6.11 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
5681	Mozilla Firefox 3.5.x < 3.5.14 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium

CVE-2010-3170

Description

References

Details

Risk Information

CVSS v2.0