Failure to Recognize User's Removal of Trust from EV X.509 Certificate in Mozilla Firefox, Thunderbird, and SeaMonkey

Failure to Recognize User's Removal of Trust from EV X.509 Certificate in Mozilla Firefox, Thunderbird, and SeaMonkey

CVE-2013-6673 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.

Learn more about our Cis Benchmark Audit For Server Software.