CVE-2013-6673

Priority
Low
Description
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird
before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of
trust from an EV X.509 certificate, which makes it easier for
man-in-the-middle attackers to spoof SSL servers in opportunistic
circumstances via a valid certificate that is unacceptable to the user.
References
Assigned-to
chrisccoulson
Package
Upstream:released (24.2.0)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (1:24.2.0+build1-0ubuntu0.12.04.1)
Ubuntu 12.10 (Quantal Quetzal):released (1:24.2.0+build1-0ubuntu0.12.10.1)
Ubuntu 13.04 (Raring Ringtail):released (1:24.2.0+build1-0ubuntu0.13.04.1)
Ubuntu 13.10 (Saucy Salamander):released (1:24.2.0+build1-0ubuntu0.13.10.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:24.2.0+build1-0ubuntu1)
Package
Upstream:released (26.0)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (26.0+build2-0ubuntu0.12.04.2)
Ubuntu 12.10 (Quantal Quetzal):released (26.0+build2-0ubuntu0.12.10.2)
Ubuntu 13.04 (Raring Ringtail):released (26.0+build2-0ubuntu0.13.04.2)
Ubuntu 13.10 (Saucy Salamander):released (26.0+build2-0ubuntu0.13.10.2)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
More Information

Valid XHTML 1.0 Strict

Updated: 2013-12-11 18:14:52 UTC (commit 7535)