CVE-2015-2741 (retired)

Priority
Description
Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird
before 38.1 do not enforce key pinning upon encountering an X.509
certificate problem that generates a user dialog, which allows
user-assisted man-in-the-middle attackers to bypass intended access
restrictions by triggering a (1) expired certificate or (2) mismatched
hostname for a domain with pinning enabled.
Assigned-to
chrisccoulson
Package
Upstream:released (39.0)
Ubuntu 14.04 LTS (Trusty Tahr):released (39.0+build5-0ubuntu0.14.04.1)
Package
Priority: Low
Upstream:released (31.8)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:31.8.0+build1-0ubuntu0.14.04.1)
More Information

Updated: 2019-03-26 12:14:54 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)