CVE-2014-1582

Description

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an arbitrary recognized Certification Authority.

Risk Information

Base Score

6.8

MODERATE

Vector

AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS Score

Exploitation Probability

0.879

Associated Vulnerability

Vulnerability	OS Platform
Multiple vulnerabilities affected in Mozilla Firefox (x64) 32.0	Windows
Multiple vulnerabilities affected in Mozilla_Firefox 32.0	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 31.0	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 31.1.0	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 32.0	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 31.0	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 31.1.0	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 32.0	Windows
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (133.0)	Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (133.0.3)	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 30.0	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 31.0	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 31.1.0	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 32.0	Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-343016	Mozilla Firefox (x64) (132.0.2)
PATCH-343015	Mozilla Firefox (132.0.2)
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-611870	Mozilla Firefox For Mac (142.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234