Detections
Analytics

CVE-2010-3173

high

Description

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12118

https://bugzilla.mozilla.org/show_bug.cgi?id=595300

https://bugzilla.mozilla.org/show_bug.cgi?id=587234

https://bugzilla.mozilla.org/show_bug.cgi?id=583337

https://bugzilla.mozilla.org/show_bug.cgi?id=554354

http://www.vupen.com/english/advisories/2011/0061

http://www.ubuntu.com/usn/USN-1007-1

http://www.redhat.com/support/errata/RHSA-2010-0782.html

http://www.redhat.com/support/errata/RHSA-2010-0781.html

http://www.mozilla.org/security/announce/2010/mfsa2010-72.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:211

http://www.mandriva.com/security/advisories?name=MDVSA-2010:210

http://www.debian.org/security/2010/dsa-2123

http://support.avaya.com/css/P8/documents/100120156

http://support.avaya.com/css/P8/documents/100114250

http://secunia.com/advisories/42867

http://secunia.com/advisories/41839

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

Details

Source: Mitre, NVD

Published: 2010-10-21

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.02346