CVE-2008-2809
Publication date 8 July 2008
Last updated 24 July 2024
Ubuntu priority
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | ||
firefox-3.0 | ||
iceape | ||
icedove | ||
iceweasel | ||
mozilla-thunderbird | ||
seamonkey | ||
thunderbird | ||
xulrunner | ||