Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Network Security Services 加密问题漏洞
Vulnerability Description
Mozilla Network Security Services(NSS)是美国Mozilla基金会开发的一个函数库(网络安全服务库),它可跨平台提供SSL、S/MIME和其他Internet安全标准支持。 Mozilla NSS 3.15.3及之前的版本中的libssl软件包中的sslsecur.c文件中的‘ssl_Do1stHandshake’函数中存在加密问题漏洞。当使用TLS False Start功能时,攻击者可通过在握手期间使用任意X.509证书利用该漏洞实施中间人攻击,欺骗SSL服务器。
CVSS Information
N/A
Vulnerability Type
N/A