CVE-2020-12421

MEDIUM Year: 2020
CVSS v3 Score
6.5
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-295
View all →

Vulnerability Description

When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

Related Vulnerabilities

CVE-2007-5967

MEDIUM
CVSS:6.5(Medium)

A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval.

CWE-2952007

CVE-2011-2669

MEDIUM
CVSS:6.5(Medium)

Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.

CWE-2952011

CVE-2013-6662

MEDIUM
CVSS:6.5(Medium)

Google Chrome caches TLS sessions before certificate validation occurs.

CWE-2952013

CVE-2014-3250

MEDIUM
CVSS:6.5(Medium)

The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certif...

CWE-2952014

CVE-2017-18479

MEDIUM
CVSS:6.5(Medium)

In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).

CWE-2952017

CVE-2017-2629

MEDIUM
CVSS:6.5(Medium)

curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or fa...

CWE-2952017