{"api_version":"1","generated_at":"2026-04-24T22:08:20+00:00","cve":"CVE-2008-2809","urls":{"html":"https://cve.report/CVE-2008-2809","api":"https://cve.report/api/cve/CVE-2008-2809.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-2809","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-2809"},"summary":{"title":"CVE-2008-2809","description":"Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.","state":"PUBLISHED","assigner":"redhat","published_at":"2008-07-08 23:41:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-20","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4","severity":"","vector":"AV:N/AC:H/Au:N/C:N/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:N/I:P/A:P","baseScore":4,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://secunia.com/advisories/31005","name":"http://secunia.com/advisories/31005","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Fedora update for seamonkey - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/30949","name":"http://secunia.com/advisories/30949","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Fedora update for firefox - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=327181","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=327181","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"327181 – Improve error reporting for invalid-certificate errors (error page for https, or combined dialog)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html","name":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 9 Update: seamonkey-1.1.10-1.fc9","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2008/dsa-1615","name":"http://www.debian.org/security/2008/dsa-1615","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-1615-1 xulrunner","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1020419","name":"http://www.securitytracker.com/id?1020419","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Mozilla Firefox 2.0 Has Multiple Bugs That Permit Remote Code Execution, Certificate Spoofing, Cross-Site Scripting, and Other Impacts - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2009/0977","name":"http://www.vupen.com/english/advisories/2009/0977","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://secunia.com/advisories/31183","name":"http://secunia.com/advisories/31183","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian update for xulrunner - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/31195","name":"http://secunia.com/advisories/31195","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Red Hat update for thunderbird - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484","name":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"The Slackware Linux Project: Slackware Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15","name":"http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Known Vulnerabilities in Mozilla Products","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2008-0616.html","name":"http://rhn.redhat.com/errata/RHSA-2008-0616.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2008-0549.html","name":"http://www.redhat.com/support/errata/RHSA-2008-0549.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/31021","name":"http://secunia.com/advisories/31021","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Slackware update for mozilla-firefox - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://wiki.rpath.com/Advisories:rPSA-2008-0216","name":"http://wiki.rpath.com/Advisories:rPSA-2008-0216","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://secunia.com/advisories/31069","name":"http://secunia.com/advisories/31069","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian update for iceweasel - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html","name":"http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] SUSE Security Announcement: Mozilla Firefox (SUSE-SA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/31377","name":"http://secunia.com/advisories/31377","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo update for Mozilla products - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/3498","name":"http://securityreason.com/securityalert/3498","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Certificate spoofing issue with Mozilla, Konqueror, Safari 2 - SecurityReason.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2009/dsa-1697","name":"http://www.debian.org/security/2009/dsa-1697","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-1697-1 iceape","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43524","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43524","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/31220","name":"http://secunia.com/advisories/31220","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Ubuntu update for thunderbird - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2008-0569.html","name":"http://www.redhat.com/support/errata/RHSA-2008-0569.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/usn-629-1","name":"http://www.ubuntu.com/usn/usn-629-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"USN-629-1: Thunderbird vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:136","name":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:136","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Support / Security / Advisories /  / MDVSA-2008:136 | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/33433","name":"http://secunia.com/advisories/33433","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian update for iceape - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/30903","name":"http://secunia.com/advisories/30903","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Red Hat update for firefox - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/31403","name":"http://secunia.com/advisories/31403","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Fedora update for thunderbird - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:155","name":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:155","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Support / Security / Advisories /  / MDVSA-2008:155 | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/30038","name":"http://www.securityfocus.com/bid/30038","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Mozilla Firefox 2.0.0.14 Multiple Remote Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/30911","name":"http://secunia.com/advisories/30911","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Mozilla Firefox Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/30898","name":"http://secunia.com/advisories/30898","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Ubuntu update for firefox - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-200808-03.xml","name":"http://security.gentoo.org/glsa/glsa-200808-03.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Mozilla products: Multiple vulnerabilities — Gentoo Linux Documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/494080/100/0/threaded","name":"http://www.securityfocus.com/archive/1/494080/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/483929/100/100/threaded","name":"http://www.securityfocus.com/archive/1/483929/100/100/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://nils.toedtmann.net/pub/subjectAltName.txt","name":"http://nils.toedtmann.net/pub/subjectAltName.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2008/dsa-1607","name":"http://www.debian.org/security/2008/dsa-1607","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-1607-1 iceweasel","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=240261","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=240261","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Bug 240261 – [1.8 branch] peer-trusted certs can use alt names to spoof","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mozilla.org/security/announce/2008/mfsa2008-31.html","name":"http://www.mozilla.org/security/announce/2008/mfsa2008-31.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"MFSA 2008-31: Peer-trusted certs can use alt names to spoof","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/34501","name":"http://secunia.com/advisories/34501","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sun Solaris Firefox Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/483960/100/100/threaded","name":"http://www.securityfocus.com/archive/1/483960/100/100/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/31076","name":"http://secunia.com/advisories/31076","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SUSE update for MozillaFirefox - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://issues.rpath.com/browse/RPL-2646","name":"https://issues.rpath.com/browse/RPL-2646","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://secunia.com/advisories/31023","name":"http://secunia.com/advisories/31023","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Slackware update for seamonkey - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html","name":"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 8 Update: thunderbird-2.0.0.16-1.fc8","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152","name":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"The Slackware Linux Project: Slackware Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911","name":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"The Slackware Linux Project: Slackware Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html","name":"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 9 Update: thunderbird-2.0.0.16-1.fc9","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html","name":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 8 Update: firefox-2.0.0.15-1.fc8","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2008/dsa-1621","name":"http://www.debian.org/security/2008/dsa-1621","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-1621-1 icedove","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/31253","name":"http://secunia.com/advisories/31253","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian update for icedove - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html","name":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 8 Update: seamonkey-1.1.10-1.fc8","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2008/1993/references","name":"http://www.vupen.com/english/advisories/2008/1993/references","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/usn-619-1","name":"http://www.ubuntu.com/usn/usn-619-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"USN-619-1: Firefox vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1018979","name":"http://securitytracker.com/id?1018979","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - Mozilla Firefox subjectAltName:dNSName Attribute Validation Flaw Lets Remote Users Spoof Certificates","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/483937/100/100/threaded","name":"http://www.securityfocus.com/archive/1/483937/100/100/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/31008","name":"http://secunia.com/advisories/31008","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"rPath update for firefox - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/31286","name":"http://secunia.com/advisories/31286","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Slackware update for mozillla-thunderbird - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/30878","name":"http://secunia.com/advisories/30878","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Red Hat update for seamonkey - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=402347","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=402347","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"402347 – Not binding X.509 certificate to originating domain name allows certificate spoofing","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2008-0547.html","name":"http://www.redhat.com/support/errata/RHSA-2008-0547.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-2809","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-2809","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"2809","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"2.0.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2809","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"2.0.0.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2809","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"2.0.0.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2809","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"2.0.0.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2809","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"2.0.0.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2809","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"2.0.0.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2809","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"2.0.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2809","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"2.0.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2809","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"2.0.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2809","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"2.0.0.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2809","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"2.0.0.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2809","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"2.0.0.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2809","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"2.0.0.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2809","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"2.0.0.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2809","vulnerable":"1","versionEndIncluding":"1.9","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"geckb","cpe6":"*","cpe7":"m8","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2809","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"seamonkey","cpe6":"1.1.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2809","vulnerable":"1","versionEndIncluding":"1.0.9","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"seamonkey","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2809","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netscape","cpe5":"navigator","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T09:14:14.905Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"SUSE-SA:2008:034","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html"},{"name":"RHSA-2008:0549","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2008-0549.html"},{"name":"DSA-1697","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2009/dsa-1697"},{"name":"31021","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31021"},{"name":"30898","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/30898"},{"name":"31403","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31403"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://wiki.rpath.com/Advisories:rPSA-2008-0216"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://issues.rpath.com/browse/RPL-2646"},{"name":"30949","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/30949"},{"name":"SSA:2008-191-03","tags":["vendor-advisory","x_refsource_SLACKWARE","x_transferred"],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152"},{"name":"ADV-2009-0977","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/0977"},{"name":"31069","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31069"},{"name":"31008","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31008"},{"name":"31377","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31377"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=240261"},{"name":"RHSA-2008:0616","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2008-0616.html"},{"name":"3498","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/3498"},{"name":"ADV-2008-1993","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/1993/references"},{"name":"31023","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31023"},{"name":"MDVSA-2008:155","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:155"},{"name":"30038","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/30038"},{"name":"DSA-1607","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2008/dsa-1607"},{"name":"GLSA-200808-03","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://security.gentoo.org/glsa/glsa-200808-03.xml"},{"name":"31005","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31005"},{"name":"33433","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/33433"},{"name":"FEDORA-2008-6127","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html"},{"name":"1020419","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1020419"},{"name":"31253","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31253"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15"},{"name":"FEDORA-2008-6737","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html"},{"name":"31183","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31183"},{"name":"30903","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/30903"},{"name":"RHSA-2008:0547","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2008-0547.html"},{"name":"FEDORA-2008-6193","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html"},{"name":"USN-629-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/usn-629-1"},{"name":"256408","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"},{"name":"20071118 Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/483937/100/100/threaded"},{"name":"SSA:2008-191","tags":["vendor-advisory","x_refsource_SLACKWARE","x_transferred"],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=402347"},{"name":"SSA:2008-210-05","tags":["vendor-advisory","x_refsource_SLACKWARE","x_transferred"],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484"},{"name":"DSA-1615","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2008/dsa-1615"},{"name":"20071118 RE: Certificate spoofing issue with Mozilla, Konqueror, Safari 2","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/483960/100/100/threaded"},{"name":"FEDORA-2008-6706","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html"},{"name":"31220","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31220"},{"name":"31195","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31195"},{"name":"20071118 Certificate spoofing issue with Mozilla, Konqueror, Safari 2","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/483929/100/100/threaded"},{"name":"oval:org.mitre.oval:def:10205","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205"},{"name":"31076","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31076"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.mozilla.org/security/announce/2008/mfsa2008-31.html"},{"name":"USN-619-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/usn-619-1"},{"name":"30911","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/30911"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=327181"},{"name":"RHSA-2008:0569","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2008-0569.html"},{"name":"30878","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/30878"},{"name":"DSA-1621","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2008/dsa-1621"},{"name":"20080708 rPSA-2008-0216-1 firefox","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/494080/100/0/threaded"},{"name":"1018979","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1018979"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://nils.toedtmann.net/pub/subjectAltName.txt"},{"name":"mozilla-altnames-spoofing(43524)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43524"},{"name":"31286","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31286"},{"name":"FEDORA-2008-6196","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html"},{"name":"34501","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/34501"},{"name":"MDVSA-2008:136","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:136"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-11-18T00:00:00.000Z","descriptions":[{"lang":"en","value":"Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-11T19:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"SUSE-SA:2008:034","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html"},{"name":"RHSA-2008:0549","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2008-0549.html"},{"name":"DSA-1697","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2009/dsa-1697"},{"name":"31021","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31021"},{"name":"30898","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/30898"},{"name":"31403","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31403"},{"tags":["x_refsource_CONFIRM"],"url":"http://wiki.rpath.com/Advisories:rPSA-2008-0216"},{"tags":["x_refsource_CONFIRM"],"url":"https://issues.rpath.com/browse/RPL-2646"},{"name":"30949","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/30949"},{"name":"SSA:2008-191-03","tags":["vendor-advisory","x_refsource_SLACKWARE"],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152"},{"name":"ADV-2009-0977","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/0977"},{"name":"31069","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31069"},{"name":"31008","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31008"},{"name":"31377","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31377"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=240261"},{"name":"RHSA-2008:0616","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2008-0616.html"},{"name":"3498","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/3498"},{"name":"ADV-2008-1993","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/1993/references"},{"name":"31023","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31023"},{"name":"MDVSA-2008:155","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:155"},{"name":"30038","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/30038"},{"name":"DSA-1607","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2008/dsa-1607"},{"name":"GLSA-200808-03","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://security.gentoo.org/glsa/glsa-200808-03.xml"},{"name":"31005","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31005"},{"name":"33433","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/33433"},{"name":"FEDORA-2008-6127","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html"},{"name":"1020419","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1020419"},{"name":"31253","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31253"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15"},{"name":"FEDORA-2008-6737","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html"},{"name":"31183","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31183"},{"name":"30903","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/30903"},{"name":"RHSA-2008:0547","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2008-0547.html"},{"name":"FEDORA-2008-6193","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html"},{"name":"USN-629-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/usn-629-1"},{"name":"256408","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"},{"name":"20071118 Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/483937/100/100/threaded"},{"name":"SSA:2008-191","tags":["vendor-advisory","x_refsource_SLACKWARE"],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=402347"},{"name":"SSA:2008-210-05","tags":["vendor-advisory","x_refsource_SLACKWARE"],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484"},{"name":"DSA-1615","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2008/dsa-1615"},{"name":"20071118 RE: Certificate spoofing issue with Mozilla, Konqueror, Safari 2","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/483960/100/100/threaded"},{"name":"FEDORA-2008-6706","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html"},{"name":"31220","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31220"},{"name":"31195","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31195"},{"name":"20071118 Certificate spoofing issue with Mozilla, Konqueror, Safari 2","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/483929/100/100/threaded"},{"name":"oval:org.mitre.oval:def:10205","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205"},{"name":"31076","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31076"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.mozilla.org/security/announce/2008/mfsa2008-31.html"},{"name":"USN-619-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/usn-619-1"},{"name":"30911","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/30911"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=327181"},{"name":"RHSA-2008:0569","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2008-0569.html"},{"name":"30878","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/30878"},{"name":"DSA-1621","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2008/dsa-1621"},{"name":"20080708 rPSA-2008-0216-1 firefox","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/494080/100/0/threaded"},{"name":"1018979","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1018979"},{"tags":["x_refsource_MISC"],"url":"http://nils.toedtmann.net/pub/subjectAltName.txt"},{"name":"mozilla-altnames-spoofing(43524)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43524"},{"name":"31286","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31286"},{"name":"FEDORA-2008-6196","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html"},{"name":"34501","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/34501"},{"name":"MDVSA-2008:136","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:136"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","ID":"CVE-2008-2809","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"SUSE-SA:2008:034","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html"},{"name":"RHSA-2008:0549","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2008-0549.html"},{"name":"DSA-1697","refsource":"DEBIAN","url":"http://www.debian.org/security/2009/dsa-1697"},{"name":"31021","refsource":"SECUNIA","url":"http://secunia.com/advisories/31021"},{"name":"30898","refsource":"SECUNIA","url":"http://secunia.com/advisories/30898"},{"name":"31403","refsource":"SECUNIA","url":"http://secunia.com/advisories/31403"},{"name":"http://wiki.rpath.com/Advisories:rPSA-2008-0216","refsource":"CONFIRM","url":"http://wiki.rpath.com/Advisories:rPSA-2008-0216"},{"name":"https://issues.rpath.com/browse/RPL-2646","refsource":"CONFIRM","url":"https://issues.rpath.com/browse/RPL-2646"},{"name":"30949","refsource":"SECUNIA","url":"http://secunia.com/advisories/30949"},{"name":"SSA:2008-191-03","refsource":"SLACKWARE","url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152"},{"name":"ADV-2009-0977","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2009/0977"},{"name":"31069","refsource":"SECUNIA","url":"http://secunia.com/advisories/31069"},{"name":"31008","refsource":"SECUNIA","url":"http://secunia.com/advisories/31008"},{"name":"31377","refsource":"SECUNIA","url":"http://secunia.com/advisories/31377"},{"name":"https://bugzilla.mozilla.org/show_bug.cgi?id=240261","refsource":"CONFIRM","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=240261"},{"name":"RHSA-2008:0616","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2008-0616.html"},{"name":"3498","refsource":"SREASON","url":"http://securityreason.com/securityalert/3498"},{"name":"ADV-2008-1993","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/1993/references"},{"name":"31023","refsource":"SECUNIA","url":"http://secunia.com/advisories/31023"},{"name":"MDVSA-2008:155","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:155"},{"name":"30038","refsource":"BID","url":"http://www.securityfocus.com/bid/30038"},{"name":"DSA-1607","refsource":"DEBIAN","url":"http://www.debian.org/security/2008/dsa-1607"},{"name":"GLSA-200808-03","refsource":"GENTOO","url":"http://security.gentoo.org/glsa/glsa-200808-03.xml"},{"name":"31005","refsource":"SECUNIA","url":"http://secunia.com/advisories/31005"},{"name":"33433","refsource":"SECUNIA","url":"http://secunia.com/advisories/33433"},{"name":"FEDORA-2008-6127","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html"},{"name":"1020419","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1020419"},{"name":"31253","refsource":"SECUNIA","url":"http://secunia.com/advisories/31253"},{"name":"http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15","refsource":"CONFIRM","url":"http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15"},{"name":"FEDORA-2008-6737","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html"},{"name":"31183","refsource":"SECUNIA","url":"http://secunia.com/advisories/31183"},{"name":"30903","refsource":"SECUNIA","url":"http://secunia.com/advisories/30903"},{"name":"RHSA-2008:0547","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2008-0547.html"},{"name":"FEDORA-2008-6193","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html"},{"name":"USN-629-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/usn-629-1"},{"name":"256408","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"},{"name":"20071118 Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/483937/100/100/threaded"},{"name":"SSA:2008-191","refsource":"SLACKWARE","url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911"},{"name":"https://bugzilla.mozilla.org/show_bug.cgi?id=402347","refsource":"CONFIRM","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=402347"},{"name":"SSA:2008-210-05","refsource":"SLACKWARE","url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484"},{"name":"DSA-1615","refsource":"DEBIAN","url":"http://www.debian.org/security/2008/dsa-1615"},{"name":"20071118 RE: Certificate spoofing issue with Mozilla, Konqueror, Safari 2","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/483960/100/100/threaded"},{"name":"FEDORA-2008-6706","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html"},{"name":"31220","refsource":"SECUNIA","url":"http://secunia.com/advisories/31220"},{"name":"31195","refsource":"SECUNIA","url":"http://secunia.com/advisories/31195"},{"name":"20071118 Certificate spoofing issue with Mozilla, Konqueror, Safari 2","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/483929/100/100/threaded"},{"name":"oval:org.mitre.oval:def:10205","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205"},{"name":"31076","refsource":"SECUNIA","url":"http://secunia.com/advisories/31076"},{"name":"http://www.mozilla.org/security/announce/2008/mfsa2008-31.html","refsource":"CONFIRM","url":"http://www.mozilla.org/security/announce/2008/mfsa2008-31.html"},{"name":"USN-619-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/usn-619-1"},{"name":"30911","refsource":"SECUNIA","url":"http://secunia.com/advisories/30911"},{"name":"https://bugzilla.mozilla.org/show_bug.cgi?id=327181","refsource":"CONFIRM","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=327181"},{"name":"RHSA-2008:0569","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2008-0569.html"},{"name":"30878","refsource":"SECUNIA","url":"http://secunia.com/advisories/30878"},{"name":"DSA-1621","refsource":"DEBIAN","url":"http://www.debian.org/security/2008/dsa-1621"},{"name":"20080708 rPSA-2008-0216-1 firefox","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/494080/100/0/threaded"},{"name":"1018979","refsource":"SECTRACK","url":"http://securitytracker.com/id?1018979"},{"name":"http://nils.toedtmann.net/pub/subjectAltName.txt","refsource":"MISC","url":"http://nils.toedtmann.net/pub/subjectAltName.txt"},{"name":"mozilla-altnames-spoofing(43524)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43524"},{"name":"31286","refsource":"SECUNIA","url":"http://secunia.com/advisories/31286"},{"name":"FEDORA-2008-6196","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html"},{"name":"34501","refsource":"SECUNIA","url":"http://secunia.com/advisories/34501"},{"name":"MDVSA-2008:136","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:136"}]}}}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2008-2809","datePublished":"2008-07-08T23:00:00.000Z","dateReserved":"2008-06-20T00:00:00.000Z","dateUpdated":"2024-08-07T09:14:14.905Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-07-08 23:41:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-20","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:N/I:P/A:P","baseScore":4,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.9,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"F3D956DC-C73B-439F-8D79-8239207CC76F"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"57E2C7E7-56C0-466C-BB08-5EB43922C4F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"462E135A-5616-46CC-A9C0-5A7A0526ACC6"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*","matchCriteriaId":"6121F9C1-F4DF-4AAB-9E51-AC1592AA5639"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"58D44634-A0B5-4F05-8983-B08D392EC742"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*","matchCriteriaId":"EB3AC3D3-FDD7-489F-BDCF-BDB55DF33A8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*","matchCriteriaId":"4105171B-9C90-4ABF-B220-A35E7BA9EE40"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*","matchCriteriaId":"20985549-DB24-4B69-9D40-208A47AE658E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*","matchCriteriaId":"43A13026-416F-4308-8A1B-E989BD769E12"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*","matchCriteriaId":"612B015E-9F96-4CE6-83E4-23848FD609E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*","matchCriteriaId":"1E391619-0967-43E1-8CBC-4D54F72A85C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*","matchCriteriaId":"0544D626-E269-4677-9B05-7DAB23BD103B"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*","matchCriteriaId":"C95F7B2C-80FC-4DF2-9680-F74634DCE3E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*","matchCriteriaId":"863C140E-DC15-4A88-AB8A-8AEF9F4B8164"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:geckb:*:m8:*:*:*:*:*:*","versionEndIncluding":"1.9","matchCriteriaId":"1AE6FF40-5C89-47F1-928C-7BC7DB7A57F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.9","matchCriteriaId":"B0E9314D-0D23-4572-9956-D2E8B53540B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*","matchCriteriaId":"76AD0439-3BFB-4AD1-8E2C-99D0B099FA8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:netscape:navigator:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7DE436EA-9F65-4B62-A11D-B102F5E5E9FC"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"2809","Ordinal":"1","Title":"CVE-2008-2809","CVE":"CVE-2008-2809","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"2809","Ordinal":"1","NoteData":"Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.","Type":"Description","Title":"CVE-2008-2809"},{"CveYear":"2008","CveId":"2809","Ordinal":"2","NoteData":"2008-07-08","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"2809","Ordinal":"3","NoteData":"2018-10-11","Type":"Other","Title":"Modified"}]}}}