Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.509 certificate for a domain with this character.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox 安全漏洞
Vulnerability Description
Mozilla Firefox是美国Mozilla基金会开发的一款开源Web浏览器。 Mozilla Firefox 35.0.1及之前版本中存在安全漏洞,该漏洞源于程序没有正确识别末尾附加‘.’字符的域名。攻击者可通过构建带有‘.’字符的URL,并访问该域的X.509证书利用该漏洞实施中间人攻击,绕过HPKP和HSTS保护机制。
CVSS Information
N/A
Vulnerability Type
N/A