Insecure Trust Decision in Mozilla Firefox and SeaMonkey

Insecure Trust Decision in Mozilla Firefox and SeaMonkey

CVE-2014-8642 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate.

Learn more about our Network Penetration Testing.