Firefox < 37.0.1 HTTP/2 Alt-Svc Header Certificate Verification Bypass (Mac OS X)
Medium Nessus Plugin ID 82582
SynopsisThe remote Mac OS X host contains a web browser that is affected by a security bypass vulnerability.
DescriptionThe version of Firefox installed on the remote Mac OS X host is prior to 37.0.1. It is, therefore, affected by an error related to the HTTP/2 'Alt-Svc' header and SSL certificate verification, which allows man-in-the-middle (MitM) attacks.
SolutionUpgrade to Firefox 37.0.1 or later.