CVE-2010-3173

Source
https://nvd.nist.gov/vuln/detail/CVE-2010-3173
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2010-3173.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2010-3173
Related
Published
2010-10-21T19:00:02Z
Modified
2024-09-11T02:00:04Z
Summary
[none]
Details

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

References

Affected packages

Debian:11 / nss

Package

Name
nss
Purl
pkg:deb/debian/nss?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / nss

Package

Name
nss
Purl
pkg:deb/debian/nss?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / nss

Package

Name
nss
Purl
pkg:deb/debian/nss?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}