CVE-2013-1740
nss: false start PR_Recv information disclosure security issue
Severity Score
5.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.
La función ssl_Do1stHandshake en sslsecur.c en libssl de Mozilla Network Security Services (NSS) anteriores a 3.15.4, cuando la funcionalidad TLS False Start está habilitada, permite a atacantes man-in-the-middle falsear servidores SSL utilizando un certificado X.509 arbitrario durante cierto tráfico de handshake.
A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-02-13 CVE Reserved
- 2014-01-18 CVE Published
- 2024-01-17 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (18)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2014/Dec/23 | Mailing List |
|
| http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | X_refsource_confirm |
|
| http://www.securityfocus.com/archive/1/534161/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/64944 | Vdb Entry | |
| http://www.vmware.com/security/advisories/VMSA-2014-0012.html | X_refsource_confirm | |
| https://bugs.gentoo.org/show_bug.cgi?id=498172 | X_refsource_confirm | |
| https://developer.mozilla.org/docs/NSS/NSS_3.15.4_release_notes | X_refsource_confirm | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90394 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=919877 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html | 2018-10-09 | |
| http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html | 2018-10-09 | |
| http://www.ubuntu.com/usn/USN-2088-1 | 2018-10-09 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1053725 | 2014-09-16 | |
| https://access.redhat.com/security/cve/CVE-2013-1740 | 2014-09-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | <= 3.15.3 Search vendor "Mozilla" for product "Network Security Services" and version " <= 3.15.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.2 Search vendor "Mozilla" for product "Network Security Services" and version "3.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.2.1 Search vendor "Mozilla" for product "Network Security Services" and version "3.2.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.3 Search vendor "Mozilla" for product "Network Security Services" and version "3.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.3.1 Search vendor "Mozilla" for product "Network Security Services" and version "3.3.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.3.2 Search vendor "Mozilla" for product "Network Security Services" and version "3.3.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.4 Search vendor "Mozilla" for product "Network Security Services" and version "3.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.4.1 Search vendor "Mozilla" for product "Network Security Services" and version "3.4.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.4.2 Search vendor "Mozilla" for product "Network Security Services" and version "3.4.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.5 Search vendor "Mozilla" for product "Network Security Services" and version "3.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.6 Search vendor "Mozilla" for product "Network Security Services" and version "3.6" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.6.1 Search vendor "Mozilla" for product "Network Security Services" and version "3.6.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.7 Search vendor "Mozilla" for product "Network Security Services" and version "3.7" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.7.1 Search vendor "Mozilla" for product "Network Security Services" and version "3.7.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.7.2 Search vendor "Mozilla" for product "Network Security Services" and version "3.7.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.7.3 Search vendor "Mozilla" for product "Network Security Services" and version "3.7.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.7.5 Search vendor "Mozilla" for product "Network Security Services" and version "3.7.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.7.7 Search vendor "Mozilla" for product "Network Security Services" and version "3.7.7" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.8 Search vendor "Mozilla" for product "Network Security Services" and version "3.8" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.9 Search vendor "Mozilla" for product "Network Security Services" and version "3.9" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.11.2 Search vendor "Mozilla" for product "Network Security Services" and version "3.11.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.11.3 Search vendor "Mozilla" for product "Network Security Services" and version "3.11.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.11.4 Search vendor "Mozilla" for product "Network Security Services" and version "3.11.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.11.5 Search vendor "Mozilla" for product "Network Security Services" and version "3.11.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.12 Search vendor "Mozilla" for product "Network Security Services" and version "3.12" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.12.1 Search vendor "Mozilla" for product "Network Security Services" and version "3.12.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.12.2 Search vendor "Mozilla" for product "Network Security Services" and version "3.12.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.12.3 Search vendor "Mozilla" for product "Network Security Services" and version "3.12.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.12.3.1 Search vendor "Mozilla" for product "Network Security Services" and version "3.12.3.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.12.3.2 Search vendor "Mozilla" for product "Network Security Services" and version "3.12.3.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.12.4 Search vendor "Mozilla" for product "Network Security Services" and version "3.12.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.12.5 Search vendor "Mozilla" for product "Network Security Services" and version "3.12.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.12.6 Search vendor "Mozilla" for product "Network Security Services" and version "3.12.6" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.12.7 Search vendor "Mozilla" for product "Network Security Services" and version "3.12.7" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.12.8 Search vendor "Mozilla" for product "Network Security Services" and version "3.12.8" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.12.9 Search vendor "Mozilla" for product "Network Security Services" and version "3.12.9" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.12.10 Search vendor "Mozilla" for product "Network Security Services" and version "3.12.10" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.12.11 Search vendor "Mozilla" for product "Network Security Services" and version "3.12.11" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.14 Search vendor "Mozilla" for product "Network Security Services" and version "3.14" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.14.1 Search vendor "Mozilla" for product "Network Security Services" and version "3.14.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.14.2 Search vendor "Mozilla" for product "Network Security Services" and version "3.14.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.14.3 Search vendor "Mozilla" for product "Network Security Services" and version "3.14.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.14.4 Search vendor "Mozilla" for product "Network Security Services" and version "3.14.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.14.5 Search vendor "Mozilla" for product "Network Security Services" and version "3.14.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.15 Search vendor "Mozilla" for product "Network Security Services" and version "3.15" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.15.1 Search vendor "Mozilla" for product "Network Security Services" and version "3.15.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.15.2 Search vendor "Mozilla" for product "Network Security Services" and version "3.15.2" | - |
Affected
| ||||||