CVE-2010-3173

HIGH

Description

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

References

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

http://secunia.com/advisories/41839

http://secunia.com/advisories/42867

http://support.avaya.com/css/P8/documents/100114250

http://support.avaya.com/css/P8/documents/100120156

http://www.debian.org/security/2010/dsa-2123

http://www.mandriva.com/security/advisories?name=MDVSA-2010:210

http://www.mandriva.com/security/advisories?name=MDVSA-2010:211

http://www.mozilla.org/security/announce/2010/mfsa2010-72.html

http://www.redhat.com/support/errata/RHSA-2010-0781.html

http://www.redhat.com/support/errata/RHSA-2010-0782.html

http://www.ubuntu.com/usn/USN-1007-1

http://www.vupen.com/english/advisories/2011/0061

https://bugzilla.mozilla.org/show_bug.cgi?id=554354

https://bugzilla.mozilla.org/show_bug.cgi?id=583337

https://bugzilla.mozilla.org/show_bug.cgi?id=587234

https://bugzilla.mozilla.org/show_bug.cgi?id=595300

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12118

Details

Source: MITRE

Published: 2010-10-21

Updated: 2017-09-19

Type: CWE-310

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH