CWE: 20 (Improper Input Validation)

CVE-2011-0082: Input Validation

First published: Mon May 30 2011

A Debian bug report [1] indicated that Firefox 4.0.x handled the validation and revalidation of SSL certificates improperly. If a user visited a site with an untrusted certificate, Firefox correctly displayed the untrusted-connection warning. If the user then confirmed the security exception for a single session only (leaving "Permanently store this exception" unchecked), restarted the browser and re-loaded the page, the page contents were displayed from the Firefox cache even though the session-only exception no longer existed. Refreshing the page brought up the security warning again, but the Add Exception dialog then incorrectly reported that the site provided a valid, verified certificate, and there was no way to confirm the exception. The security-relevant effect is twofold: content is rendered for an origin whose certificate is not currently trusted, and the user is unable to re-establish the override. Firefox 3.6.17 behaves correctly: after restarting the browser and visiting the page, the untrusted-connection warning appears immediately, no page content is shown, and the exception can be confirmed again.

Steps to reproduce:

1) Visit a site with a self-signed certificate (such as https://kitenet.net/), click "I Understand The Risks", click "Add Exception", uncheck "Permanently store this exception", then click "Confirm Security Exception". The site's contents are displayed.
2) Exit the browser.
3) Start Firefox again and visit the page from step 1. The browser shows the contents of the page, even though its certificate should no longer be considered valid (the exception was session-only).
4) Refresh the page. The untrusted-connection warning is displayed again. Click "I Understand The Risks", then "Add Exception". Firefox reports "This site provides valid, verified identification" and does not allow you to confirm the security exception.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627552
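As an added illustration (this is not Firefox code and not part of the original advisory), the following Python model shows the decision the report says Firefox 4.0.x got wrong: a session-only certificate override must not survive a browser restart, and a cached page must not be rendered until the trust decision for the current connection has been re-run. The class and constant names (ExceptionStore, Browser, DEMO_HOST, DEMO_FP, DEMO_BODY) and the fingerprint-based "root store" are assumptions constructed for this example; the `bind_cache_to_trust` flag switches between the correct behaviour and the reported one, and the permanent-exception case is included to show that a stored override legitimately survives the restart.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Trust decision for a (host, certificate) pair. These constants are this
# example's own naming, not Firefox internals.
TRUSTED = "trusted"        # chain validates against the root store
EXCEPTION = "exception"    # a user override (permanent or session-only) covers the cert
UNTRUSTED = "untrusted"    # neither: the untrusted-connection warning must be shown

# Constructed sample input: a self-signed certificate fingerprint and a page body.
DEMO_HOST = "kitenet.net"
DEMO_FP = "sha256:constructed-self-signed-fingerprint"
DEMO_BODY = "<html>cached page</html>"


@dataclass
class ExceptionStore:
    """Certificate overrides keyed by host. Session entries must not survive a restart."""
    permanent: Dict[str, str] = field(default_factory=dict)
    session: Dict[str, str] = field(default_factory=dict)

    def add(self, host: str, fingerprint: str, permanent: bool) -> None:
        (self.permanent if permanent else self.session)[host] = fingerprint

    def clear_session(self) -> None:
        self.session.clear()

    def covers(self, host: str, fingerprint: str) -> bool:
        return (self.permanent.get(host) == fingerprint
                or self.session.get(host) == fingerprint)


@dataclass
class Browser:
    # bind_cache_to_trust=True is the correct behaviour; False reproduces the report,
    # where a cached body is rendered without re-running the trust decision.
    bind_cache_to_trust: bool
    root_store: Set[str] = field(default_factory=set)   # fingerprints that validate (simplified)
    exceptions: ExceptionStore = field(default_factory=ExceptionStore)
    cache: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # host -> (fingerprint, body)

    def trust_state(self, host: str, fingerprint: str) -> str:
        if fingerprint in self.root_store:
            return TRUSTED
        if self.exceptions.covers(host, fingerprint):
            return EXCEPTION
        return UNTRUSTED

    def visit(self, host: str, fingerprint: str, body: str) -> Tuple[str, Optional[str]]:
        """Load a page. Returns (trust state, content rendered to the user or None)."""
        state = self.trust_state(host, fingerprint)
        if not self.bind_cache_to_trust and host in self.cache:
            # Reported bug: the cached body is shown regardless of the current decision.
            return state, self.cache[host][1]
        if state == UNTRUSTED:
            return state, None          # warning page only; nothing served from cache
        self.cache[host] = (fingerprint, body)
        return state, body

    def restart(self) -> None:
        """Session overrides are dropped; the on-disk cache survives, as a disk cache does."""
        self.exceptions.clear_session()


def reproduce(bind_cache_to_trust: bool, permanent: bool = False):
    """Run the advisory's steps 1-3 and return the outcome of each visit."""
    b = Browser(bind_cache_to_trust=bind_cache_to_trust)
    first = b.visit(DEMO_HOST, DEMO_FP, DEMO_BODY)        # warning, no content
    b.exceptions.add(DEMO_HOST, DEMO_FP, permanent=permanent)
    second = b.visit(DEMO_HOST, DEMO_FP, DEMO_BODY)       # content shown and cached
    b.restart()
    third = b.visit(DEMO_HOST, DEMO_FP, DEMO_BODY)        # must warn again unless permanent
    return first, second, third


if __name__ == "__main__":
    for mode in (True, False):
        print("bind_cache_to_trust =", mode, reproduce(mode))
```

With `bind_cache_to_trust=True` the third visit returns `(UNTRUSTED, None)`, matching the 3.6.17 behaviour described above; with `False` it returns `(UNTRUSTED, DEMO_BODY)`, i.e. page content rendered for a host whose certificate is not currently trusted, which is the reported 4.0.x behaviour. A permanent override yields `(EXCEPTION, DEMO_BODY)` after restart in both modes.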

Credit: cve@mitre.org

Affected Software    Affected Version
Firefox              4.0-beta1
Firefox              4.0-beta2
Firefox              4.0-beta3
Firefox              4.0-beta4
Firefox              4.0-beta5
Firefox              4.0-beta6
Firefox              4.0-beta7
Firefox              4.0-beta8
Firefox              4.0-beta9
Firefox              4.0-beta10
Firefox              4.0-beta11
Firefox              4.0-beta12
Firefox              4.0
Firefox              4.0.1
