Update Protection against Mozilla Network Security Services and Firefox Common Name Security Bypass
| Check Point Reference: | CPAI-2009-129 |
| Date Published: | |
| Severity: | |
| Last Updated: | |
| Source: | Mozilla Foundation Security Advisory 2009-42 |
| Industry Reference(s): | CVE-2009-2408, CVE-2009-4565 |
| Protection Provided by: | Security Gateway |

Who is Vulnerable?
Mozilla Foundation Firefox 3.0.12 and prior
Mozilla Foundation Network Security Services prior to 3.12.3

Vulnerability Description
A security bypass vulnerability has been reported in Mozilla Network Security Services (NSS) and Firefox. Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Firefox is a popular, open source web browser developed by Mozilla Foundation. A remote attacker could exploit this flaw to execute a man-in-the-middle attack on the vulnerable system.

Update/Patch Available
Apply patch: Red Hat Bugzilla – Bug 510251

Vulnerability Details
The vulnerability is due to an error in Mozilla Firefox and NSS when handling NULL characters in a domain name in the subject's Common Name (CN) field of a certificate. A remote attacker can exploit this flaw by sending a malicious certificate to a vulnerable system. Successful exploitation could allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
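
A defender can run the same kind of check on certificate names before trusting them. The following is an added example, not Check Point's detection logic and not code from the advisory: it walks a DER-encoded X.509 Name and reports any string value that contains a 0x00 byte. The function names and both sample names are constructed for illustration, and the walker covers Name string values such as the subject CN only, not extension contents.

```python
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString",
               0x14: "TeletexString", 0x16: "IA5String"}

def read_tlv(buf, pos, limit):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > limit:
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > limit:
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > limit:
        raise ValueError("DER element overruns its container")
    return tag, pos, pos + length

def find_nul_strings(buf, start=0, limit=None):
    """Walk the DER tree; return [(type_name, raw_value)] for strings holding 0x00."""
    limit = len(buf) if limit is None else limit
    hits, pos = [], start
    while pos < limit:
        tag, vstart, vend = read_tlv(buf, pos, limit)
        if tag & 0x20:                     # constructed (SEQUENCE, SET): descend
            hits += find_nul_strings(buf, vstart, vend)
        elif tag in STRING_TAGS and b"\x00" in buf[vstart:vend]:
            hits.append((STRING_TAGS[tag], buf[vstart:vend]))
        pos = vend
    return hits

def der(tag, value):
    """Encode one DER element (short-form length only, enough for the samples)."""
    if len(value) > 127:
        raise ValueError("sample too long for short-form length")
    return bytes([tag, len(value)]) + value

def make_name(cn):
    """Constructed sample: SEQUENCE { SET { SEQUENCE { OID 2.5.4.3, UTF8String cn } } }."""
    cn_oid = der(0x06, bytes([0x55, 0x04, 0x03]))   # id-at-commonName
    return der(0x30, der(0x31, der(0x30, cn_oid + der(0x0C, cn))))

# Constructed test inputs, not taken from any real certificate.
CLEAN = make_name(b"www.example.com")
SUSPECT = make_name(b"www.example.com\x00.example.net")
if __name__ == "__main__":
    for label, name in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, find_nul_strings(name))
```

Any hit is grounds to reject the certificate or raise an alert, since a legitimate DNS name never contains a 0x00 byte.
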
Protection Overview
This protection detects and blocks NULL prefixes found in SSL certificates.
To activate the protection, update your Security Gateway/VPN-1 product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.