CVE-2008-2809

Priority
Description
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey
1.1.5 and other versions before 1.1.10, Netscape 9.0, and other
Mozilla-based web browsers, when a user accepts an SSL server certificate
on the basis of the CN domain name in the DN field, regard the certificate
as also accepted for all domain names in subjectAltName:dNSName fields,
which makes it easier for remote attackers to trick a user into accepting
an invalid certificate for a spoofed web site.
Assigned-to
asac
Notes
Package
Upstream:released (2.0.0.15)
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:released (2.0.0.15)
Package
Upstream:released (2.0.0.15)
Package
Upstream:needs-triage
Package
Upstream:released (1.1.10)
Package
Upstream:released (2.0.0.16)
Package
Upstream:needs-triage
More Information

Updated: 2019-12-05 20:49:32 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)