Server spoofing vulnerability in Mozilla Firefox, Mozilla Thunderbird or Firefox ESR - MFSA2015-150 (Mac OS X)ID: oval:org.secpod.oval:def:32566 | Date: (C)2016-01-12 (M)2024-01-29 |
Class: PATCH | Family: macos |
The host is missing an important security update according to Mozilla advisory, MFSA2015-150. The update is required to fix a server spoofing vulnerability. A flaw is present in the applications, which fail to handle MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic. Successful exploitation allows remote attackers to spoof servers by triggering a collision.
Platform: |
Apple Mac OS 14 |
Apple Mac OS 13 |
Apple Mac OS 12 |
Apple Mac OS 11 |
Apple Mac OS X 10.15 |
Apple Mac OS X 10.14 |
Apple Mac OS X 10.13 |
Apple Mac OS X 10.9 |
Apple Mac OS X 10.10 |
Apple Mac OS X 10.11 |
Apple Mac OS X 10.12 |
Product: |
Mozilla Firefox |
Mozilla Firefox ESR |
Mozilla Thunderbird |