CVE-2014-1582 (retired)

Priority
Description
The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0
does not properly consider the connection-coalescing behavior of SPDY and
HTTP/2 in the case of a shared IP address, which allows man-in-the-middle
attackers to bypass an intended pinning configuration and spoof a web site
by providing a valid certificate from an arbitrary recognized Certification
Authority.
Assigned-to
chrisccoulson
Package
Upstream:released (33.0)
Ubuntu 14.04 LTS (Trusty Tahr):released (33.0+build2-0ubuntu0.14.04.1)
More Information

Updated: 2019-03-26 12:12:41 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)