Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2013-12-11T15:00:00
Updated: 2016-12-20T16:57:01
Reserved: 2013-11-05T00:00:00
Link: CVE-2013-6673
JSON object: View
NVD Information
Status : Analyzed
Published: 2013-12-11T15:55:13.323
Modified: 2020-08-12T14:49:03.927
Link: CVE-2013-6673
JSON object: View
Redhat Information
No data.
CWE