CVE-2010-3173
First published: Thu Oct 21 2010(Updated: )
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | =3.6 | |
| Firefox | =3.6.2 | |
| Firefox | =3.6.3 | |
| Firefox | =3.6.4 | |
| Firefox | =3.6.6 | |
| Firefox | =3.6.7 | |
| Firefox | =3.6.8 | |
| Firefox | =3.6.9 | |
| Firefox | =3.6.10 | |
| Mozilla SeaMonkey | <=2.0.8 | |
| Mozilla SeaMonkey | =1.0 | |
| Mozilla SeaMonkey | =1.0-alpha | |
| Mozilla SeaMonkey | =1.0-beta | |
| Mozilla SeaMonkey | =1.0.1 | |
| Mozilla SeaMonkey | =1.0.2 | |
| Mozilla SeaMonkey | =1.0.3 | |
| Mozilla SeaMonkey | =1.0.4 | |
| Mozilla SeaMonkey | =1.0.5 | |
| Mozilla SeaMonkey | =1.0.6 | |
| Mozilla SeaMonkey | =1.0.7 | |
| Mozilla SeaMonkey | =1.0.8 | |
| Mozilla SeaMonkey | =1.0.9 | |
| Mozilla SeaMonkey | =1.1 | |
| Mozilla SeaMonkey | =1.1-alpha | |
| Mozilla SeaMonkey | =1.1-beta | |
| Mozilla SeaMonkey | =1.1.1 | |
| Mozilla SeaMonkey | =1.1.2 | |
| Mozilla SeaMonkey | =1.1.3 | |
| Mozilla SeaMonkey | =1.1.4 | |
| Mozilla SeaMonkey | =1.1.5 | |
| Mozilla SeaMonkey | =1.1.6 | |
| Mozilla SeaMonkey | =1.1.7 | |
| Mozilla SeaMonkey | =1.1.8 | |
| Mozilla SeaMonkey | =1.1.9 | |
| Mozilla SeaMonkey | =1.1.10 | |
| Mozilla SeaMonkey | =1.1.11 | |
| Mozilla SeaMonkey | =1.1.12 | |
| Mozilla SeaMonkey | =1.1.13 | |
| Mozilla SeaMonkey | =1.1.14 | |
| Mozilla SeaMonkey | =1.1.15 | |
| Mozilla SeaMonkey | =1.1.16 | |
| Mozilla SeaMonkey | =1.1.17 | |
| Mozilla SeaMonkey | =1.1.18 | |
| Mozilla SeaMonkey | =1.1.19 | |
| Mozilla SeaMonkey | =1.5.0.8 | |
| Mozilla SeaMonkey | =1.5.0.9 | |
| Mozilla SeaMonkey | =1.5.0.10 | |
| Mozilla SeaMonkey | =2.0 | |
| Mozilla SeaMonkey | =2.0-alpha_1 | |
| Mozilla SeaMonkey | =2.0-alpha_2 | |
| Mozilla SeaMonkey | =2.0-alpha_3 | |
| Mozilla SeaMonkey | =2.0-beta_1 | |
| Mozilla SeaMonkey | =2.0-beta_2 | |
| Mozilla SeaMonkey | =2.0-rc1 | |
| Mozilla SeaMonkey | =2.0-rc2 | |
| Mozilla SeaMonkey | =2.0.1 | |
| Mozilla SeaMonkey | =2.0.2 | |
| Mozilla SeaMonkey | =2.0.3 | |
| Mozilla SeaMonkey | =2.0.4 | |
| Mozilla SeaMonkey | =2.0.5 | |
| Mozilla SeaMonkey | =2.0.6 | |
| Mozilla SeaMonkey | =2.0.7 | |
| Thunderbird | <=3.0.8 | |
| Thunderbird | =0.1 | |
| Thunderbird | =0.2 | |
| Thunderbird | =0.3 | |
| Thunderbird | =0.4 | |
| Thunderbird | =0.5 | |
| Thunderbird | =0.6 | |
| Thunderbird | =0.7 | |
| Thunderbird | =0.7.1 | |
| Thunderbird | =0.7.2 | |
| Thunderbird | =0.7.3 | |
| Thunderbird | =0.8 | |
| Thunderbird | =0.9 | |
| Thunderbird | =1.0 | |
| Thunderbird | =1.0.1 | |
| Thunderbird | =1.0.2 | |
| Thunderbird | =1.0.3 | |
| Thunderbird | =1.0.4 | |
| Thunderbird | =1.0.5 | |
| Thunderbird | =1.0.6 | |
| Thunderbird | =1.0.7 | |
| Thunderbird | =1.0.8 | |
| Thunderbird | =1.5 | |
| Thunderbird | =1.5-beta2 | |
| Thunderbird | =1.5.0.1 | |
| Thunderbird | =1.5.0.2 | |
| Thunderbird | =1.5.0.3 | |
| Thunderbird | =1.5.0.4 | |
| Thunderbird | =1.5.0.5 | |
| Thunderbird | =1.5.0.6 | |
| Thunderbird | =1.5.0.7 | |
| Thunderbird | =1.5.0.8 | |
| Thunderbird | =1.5.0.9 | |
| Thunderbird | =1.5.0.10 | |
| Thunderbird | =1.5.0.11 | |
| Thunderbird | =1.5.0.12 | |
| Thunderbird | =1.5.0.13 | |
| Thunderbird | =1.5.0.14 | |
| Thunderbird | =1.5.1 | |
| Thunderbird | =1.5.2 | |
| Thunderbird | =2.0 | |
| Thunderbird | =2.0.0.0 | |
| Thunderbird | =2.0.0.1 | |
| Thunderbird | =2.0.0.2 | |
| Thunderbird | =2.0.0.3 | |
| Thunderbird | =2.0.0.4 | |
| Thunderbird | =2.0.0.5 | |
| Thunderbird | =2.0.0.6 | |
| Thunderbird | =2.0.0.7 | |
| Thunderbird | =2.0.0.8 | |
| Thunderbird | =2.0.0.9 | |
| Thunderbird | =2.0.0.12 | |
| Thunderbird | =2.0.0.14 | |
| Thunderbird | =2.0.0.16 | |
| Thunderbird | =2.0.0.17 | |
| Thunderbird | =2.0.0.18 | |
| Thunderbird | =2.0.0.19 | |
| Thunderbird | =2.0.0.21 | |
| Thunderbird | =2.0.0.22 | |
| Thunderbird | =2.0.0.23 | |
| Thunderbird | =3.0 | |
| Thunderbird | =3.0.1 | |
| Thunderbird | =3.0.2 | |
| Thunderbird | =3.0.3 | |
| Thunderbird | =3.0.4 | |
| Thunderbird | =3.0.5 | |
| Thunderbird | =3.0.6 | |
| Thunderbird | =3.0.7 | |
| Firefox | <=3.5.13 | |
| Firefox | =1.0 | |
| Firefox | =1.0-preview_release | |
| Firefox | =1.0.1 | |
| Firefox | =1.0.2 | |
| Firefox | =1.0.3 | |
| Firefox | =1.0.4 | |
| Firefox | =1.0.5 | |
| Firefox | =1.0.6 | |
| Firefox | =1.0.7 | |
| Firefox | =1.0.8 | |
| Firefox | =1.5 | |
| Firefox | =1.5-beta1 | |
| Firefox | =1.5-beta2 | |
| Firefox | =1.5.0.1 | |
| Firefox | =1.5.0.2 | |
| Firefox | =1.5.0.3 | |
| Firefox | =1.5.0.4 | |
| Firefox | =1.5.0.5 | |
| Firefox | =1.5.0.6 | |
| Firefox | =1.5.0.7 | |
| Firefox | =1.5.0.8 | |
| Firefox | =1.5.0.9 | |
| Firefox | =1.5.0.10 | |
| Firefox | =1.5.0.11 | |
| Firefox | =1.5.0.12 | |
| Firefox | =1.5.1 | |
| Firefox | =1.5.2 | |
| Firefox | =1.5.3 | |
| Firefox | =1.5.4 | |
| Firefox | =1.5.5 | |
| Firefox | =1.5.6 | |
| Firefox | =1.5.7 | |
| Firefox | =1.5.8 | |
| Firefox | =2.0 | |
| Firefox | =2.0.0.1 | |
| Firefox | =2.0.0.2 | |
| Firefox | =2.0.0.3 | |
| Firefox | =2.0.0.4 | |
| Firefox | =2.0.0.5 | |
| Firefox | =2.0.0.6 | |
| Firefox | =2.0.0.7 | |
| Firefox | =2.0.0.8 | |
| Firefox | =2.0.0.9 | |
| Firefox | =2.0.0.10 | |
| Firefox | =2.0.0.11 | |
| Firefox | =2.0.0.12 | |
| Firefox | =2.0.0.13 | |
| Firefox | =2.0.0.14 | |
| Firefox | =2.0.0.15 | |
| Firefox | =2.0.0.16 | |
| Firefox | =2.0.0.17 | |
| Firefox | =2.0.0.18 | |
| Firefox | =2.0.0.19 | |
| Firefox | =2.0.0.20 | |
| Firefox | =3.0 | |
| Firefox | =3.0.1 | |
| Firefox | =3.0.2 | |
| Firefox | =3.0.3 | |
| Firefox | =3.0.4 | |
| Firefox | =3.0.5 | |
| Firefox | =3.0.6 | |
| Firefox | =3.0.7 | |
| Firefox | =3.0.8 | |
| Firefox | =3.0.9 | |
| Firefox | =3.0.10 | |
| Firefox | =3.0.11 | |
| Firefox | =3.0.12 | |
| Firefox | =3.0.13 | |
| Firefox | =3.0.14 | |
| Firefox | =3.0.15 | |
| Firefox | =3.0.16 | |
| Firefox | =3.0.17 | |
| Firefox | =3.5 | |
| Firefox | =3.5.1 | |
| Firefox | =3.5.2 | |
| Firefox | =3.5.3 | |
| Firefox | =3.5.4 | |
| Firefox | =3.5.5 | |
| Firefox | =3.5.6 | |
| Firefox | =3.5.7 | |
| Firefox | =3.5.8 | |
| Firefox | =3.5.9 | |
| Firefox | =3.5.10 | |
| Firefox | =3.5.11 | |
| Firefox | =3.5.12 | |
| Thunderbird | =3.1 | |
| Thunderbird | =3.1.1 | |
| Thunderbird | =3.1.2 | |
| Thunderbird | =3.1.3 | |
| Thunderbird | =3.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
- http://secunia.com/advisories/41839
- http://secunia.com/advisories/42867
- http://support.avaya.com/css/P8/documents/100114250
- http://support.avaya.com/css/P8/documents/100120156
- http://www.debian.org/security/2010/dsa-2123
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:210
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:211
- http://www.mozilla.org/security/announce/2010/mfsa2010-72.html
- http://www.redhat.com/support/errata/RHSA-2010-0781.html
- http://www.redhat.com/support/errata/RHSA-2010-0782.html
- http://www.ubuntu.com/usn/USN-1007-1
- http://www.vupen.com/english/advisories/2011/0061
- https://bugzilla.mozilla.org/show_bug.cgi?id=554354
- https://bugzilla.mozilla.org/show_bug.cgi?id=583337
- https://bugzilla.mozilla.org/show_bug.cgi?id=587234
- https://bugzilla.mozilla.org/show_bug.cgi?id=595300
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12118
Frequently Asked Questions
What is the severity of CVE-2010-3173?
CVE-2010-3173 is considered a moderate severity vulnerability due to its potential impact on secure communications.
How do I fix CVE-2010-3173?
To fix CVE-2010-3173, update Mozilla Firefox, Thunderbird, or SeaMonkey to the latest version that is not affected.
Which versions are affected by CVE-2010-3173?
CVE-2010-3173 affects Mozilla Firefox versions prior to 3.5.14, 3.6.x prior to 3.6.11, Thunderbird versions prior to 3.0.9 and 3.1.x prior to 3.1.5, and SeaMonkey versions prior to 2.0.9.
What type of vulnerability is CVE-2010-3173?
CVE-2010-3173 is a cryptography vulnerability that impacts the handling of Diffie-Hellman Ephemeral (DHE) key exchanges.
Who should be concerned about CVE-2010-3173?
Users of Mozilla Firefox, Thunderbird, or SeaMonkey who are running affected versions should be concerned about CVE-2010-3173 and should update their software.
- agent/references
- agent/type
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/mozilla
- canonical/firefox
- version/firefox/3.6
- version/firefox/3.6.2
- version/firefox/3.6.3
- version/firefox/3.6.4
- version/firefox/3.6.6
- version/firefox/3.6.7
- version/firefox/3.6.8
- version/firefox/3.6.9
- version/firefox/3.6.10
- canonical/mozilla seamonkey
- version/mozilla seamonkey/2.0.8
- version/mozilla seamonkey/1.0
- version/mozilla seamonkey/1.0-alpha
- version/mozilla seamonkey/1.0-beta
- version/mozilla seamonkey/1.0.1
- version/mozilla seamonkey/1.0.2
- version/mozilla seamonkey/1.0.3
- version/mozilla seamonkey/1.0.4
- version/mozilla seamonkey/1.0.5
- version/mozilla seamonkey/1.0.6
- version/mozilla seamonkey/1.0.7
- version/mozilla seamonkey/1.0.8
- version/mozilla seamonkey/1.0.9
- version/mozilla seamonkey/1.1
- version/mozilla seamonkey/1.1-alpha
- version/mozilla seamonkey/1.1-beta
- version/mozilla seamonkey/1.1.1
- version/mozilla seamonkey/1.1.2
- version/mozilla seamonkey/1.1.3
- version/mozilla seamonkey/1.1.4
- version/mozilla seamonkey/1.1.5
- version/mozilla seamonkey/1.1.6
- version/mozilla seamonkey/1.1.7
- version/mozilla seamonkey/1.1.8
- version/mozilla seamonkey/1.1.9
- version/mozilla seamonkey/1.1.10
- version/mozilla seamonkey/1.1.11
- version/mozilla seamonkey/1.1.12
- version/mozilla seamonkey/1.1.13
- version/mozilla seamonkey/1.1.14
- version/mozilla seamonkey/1.1.15
- version/mozilla seamonkey/1.1.16
- version/mozilla seamonkey/1.1.17
- version/mozilla seamonkey/1.1.18
- version/mozilla seamonkey/1.1.19
- version/mozilla seamonkey/1.5.0.8
- version/mozilla seamonkey/1.5.0.9
- version/mozilla seamonkey/1.5.0.10
- version/mozilla seamonkey/2.0
- version/mozilla seamonkey/2.0-alpha_1
- version/mozilla seamonkey/2.0-alpha_2
- version/mozilla seamonkey/2.0-alpha_3
- version/mozilla seamonkey/2.0-beta_1
- version/mozilla seamonkey/2.0-beta_2
- version/mozilla seamonkey/2.0-rc1
- version/mozilla seamonkey/2.0-rc2
- version/mozilla seamonkey/2.0.1
- version/mozilla seamonkey/2.0.2
- version/mozilla seamonkey/2.0.3
- version/mozilla seamonkey/2.0.4
- version/mozilla seamonkey/2.0.5
- version/mozilla seamonkey/2.0.6
- version/mozilla seamonkey/2.0.7
- canonical/thunderbird
- version/thunderbird/3.0.8
- version/thunderbird/0.1
- version/thunderbird/0.2
- version/thunderbird/0.3
- version/thunderbird/0.4
- version/thunderbird/0.5
- version/thunderbird/0.6
- version/thunderbird/0.7
- version/thunderbird/0.7.1
- version/thunderbird/0.7.2
- version/thunderbird/0.7.3
- version/thunderbird/0.8
- version/thunderbird/0.9
- version/thunderbird/1.0
- version/thunderbird/1.0.1
- version/thunderbird/1.0.2
- version/thunderbird/1.0.3
- version/thunderbird/1.0.4
- version/thunderbird/1.0.5
- version/thunderbird/1.0.6
- version/thunderbird/1.0.7
- version/thunderbird/1.0.8
- version/thunderbird/1.5
- version/thunderbird/1.5-beta2
- version/thunderbird/1.5.0.1
- version/thunderbird/1.5.0.2
- version/thunderbird/1.5.0.3
- version/thunderbird/1.5.0.4
- version/thunderbird/1.5.0.5
- version/thunderbird/1.5.0.6
- version/thunderbird/1.5.0.7
- version/thunderbird/1.5.0.8
- version/thunderbird/1.5.0.9
- version/thunderbird/1.5.0.10
- version/thunderbird/1.5.0.11
- version/thunderbird/1.5.0.12
- version/thunderbird/1.5.0.13
- version/thunderbird/1.5.0.14
- version/thunderbird/1.5.1
- version/thunderbird/1.5.2
- version/thunderbird/2.0
- version/thunderbird/2.0.0.0
- version/thunderbird/2.0.0.1
- version/thunderbird/2.0.0.2
- version/thunderbird/2.0.0.3
- version/thunderbird/2.0.0.4
- version/thunderbird/2.0.0.5
- version/thunderbird/2.0.0.6
- version/thunderbird/2.0.0.7
- version/thunderbird/2.0.0.8
- version/thunderbird/2.0.0.9
- version/thunderbird/2.0.0.12
- version/thunderbird/2.0.0.14
- version/thunderbird/2.0.0.16
- version/thunderbird/2.0.0.17
- version/thunderbird/2.0.0.18
- version/thunderbird/2.0.0.19
- version/thunderbird/2.0.0.21
- version/thunderbird/2.0.0.22
- version/thunderbird/2.0.0.23
- version/thunderbird/3.0
- version/thunderbird/3.0.1
- version/thunderbird/3.0.2
- version/thunderbird/3.0.3
- version/thunderbird/3.0.4
- version/thunderbird/3.0.5
- version/thunderbird/3.0.6
- version/thunderbird/3.0.7
- version/firefox/3.5.13
- version/firefox/1.0
- version/firefox/1.0-preview_release
- version/firefox/1.0.1
- version/firefox/1.0.2
- version/firefox/1.0.3
- version/firefox/1.0.4
- version/firefox/1.0.5
- version/firefox/1.0.6
- version/firefox/1.0.7
- version/firefox/1.0.8
- version/firefox/1.5
- version/firefox/1.5-beta1
- version/firefox/1.5-beta2
- version/firefox/1.5.0.1
- version/firefox/1.5.0.2
- version/firefox/1.5.0.3
- version/firefox/1.5.0.4
- version/firefox/1.5.0.5
- version/firefox/1.5.0.6
- version/firefox/1.5.0.7
- version/firefox/1.5.0.8
- version/firefox/1.5.0.9
- version/firefox/1.5.0.10
- version/firefox/1.5.0.11
- version/firefox/1.5.0.12
- version/firefox/1.5.1
- version/firefox/1.5.2
- version/firefox/1.5.3
- version/firefox/1.5.4
- version/firefox/1.5.5
- version/firefox/1.5.6
- version/firefox/1.5.7
- version/firefox/1.5.8
- version/firefox/2.0
- version/firefox/2.0.0.1
- version/firefox/2.0.0.2
- version/firefox/2.0.0.3
- version/firefox/2.0.0.4
- version/firefox/2.0.0.5
- version/firefox/2.0.0.6
- version/firefox/2.0.0.7
- version/firefox/2.0.0.8
- version/firefox/2.0.0.9
- version/firefox/2.0.0.10
- version/firefox/2.0.0.11
- version/firefox/2.0.0.12
- version/firefox/2.0.0.13
- version/firefox/2.0.0.14
- version/firefox/2.0.0.15
- version/firefox/2.0.0.16
- version/firefox/2.0.0.17
- version/firefox/2.0.0.18
- version/firefox/2.0.0.19
- version/firefox/2.0.0.20
- version/firefox/3.0
- version/firefox/3.0.1
- version/firefox/3.0.2
- version/firefox/3.0.3
- version/firefox/3.0.4
- version/firefox/3.0.5
- version/firefox/3.0.6
- version/firefox/3.0.7
- version/firefox/3.0.8
- version/firefox/3.0.9
- version/firefox/3.0.10
- version/firefox/3.0.11
- version/firefox/3.0.12
- version/firefox/3.0.13
- version/firefox/3.0.14
- version/firefox/3.0.15
- version/firefox/3.0.16
- version/firefox/3.0.17
- version/firefox/3.5
- version/firefox/3.5.1
- version/firefox/3.5.2
- version/firefox/3.5.3
- version/firefox/3.5.4
- version/firefox/3.5.5
- version/firefox/3.5.6
- version/firefox/3.5.7
- version/firefox/3.5.8
- version/firefox/3.5.9
- version/firefox/3.5.10
- version/firefox/3.5.11
- version/firefox/3.5.12
- version/thunderbird/3.1
- version/thunderbird/3.1.1
- version/thunderbird/3.1.2
- version/thunderbird/3.1.3
- version/thunderbird/3.1.4