CVE-2008-2809

NONECVSS 0.0

0.0

Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

🔗 References (126)

secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
secalert@redhathttp://nils.toedtmann.net/pub/subjectAltName.txt
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2008-0616.html
secalert@redhathttp://secunia.com/advisories/30878
secalert@redhathttp://secunia.com/advisories/30898
secalert@redhathttp://secunia.com/advisories/30903
secalert@redhathttp://secunia.com/advisories/30911
secalert@redhathttp://secunia.com/advisories/30949
secalert@redhathttp://secunia.com/advisories/31005
secalert@redhathttp://secunia.com/advisories/31008
secalert@redhathttp://secunia.com/advisories/31021
secalert@redhathttp://secunia.com/advisories/31023
secalert@redhathttp://secunia.com/advisories/31069
secalert@redhathttp://secunia.com/advisories/31076
secalert@redhathttp://secunia.com/advisories/31183

Is Your Infrastructure Affected by CVE-2008-2809?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-2809

📅 Published

🔄 Last Modified

🔗 References (126)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-2809?