CVE-2010-3173
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2010-3173
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2010-3173.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2010-3173
- Related
- Published
- 2010-10-21T19:00:02Z
- Modified
- 2024-09-18T01:00:22Z
- Summary
- [none]
- Details
-
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
- References
-
- http://secunia.com/advisories/41839
- http://secunia.com/advisories/42867
- http://www.debian.org/security/2010/dsa-2123
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:210
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:211
- http://www.mozilla.org/security/announce/2010/mfsa2010-72.html
- http://www.ubuntu.com/usn/USN-1007-1
- http://www.vupen.com/english/advisories/2011/0061
- http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
- https://bugzilla.mozilla.org/show_bug.cgi?id=554354
- https://bugzilla.mozilla.org/show_bug.cgi?id=583337
- https://bugzilla.mozilla.org/show_bug.cgi?id=587234
- https://bugzilla.mozilla.org/show_bug.cgi?id=595300
- http://support.avaya.com/css/P8/documents/100114250
- http://support.avaya.com/css/P8/documents/100120156
- http://www.redhat.com/support/errata/RHSA-2010-0781.html
- http://www.redhat.com/support/errata/RHSA-2010-0782.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12118
- https://security-tracker.debian.org/tracker/CVE-2010-3173
Affected packages
Debian:11 / nss
Package
- Name
- nss
- Purl
- pkg:deb/debian/nss?arch=source
Debian:12 / nss
Package
- Name
- nss
- Purl
- pkg:deb/debian/nss?arch=source
Debian:13 / nss
Package
- Name
- nss
- Purl
- pkg:deb/debian/nss?arch=source