firefox: certificate vulnerability
| Package(s): | firefox |
CVE #(s): | CVE-2009-3076
|
| Created: | September 10, 2009 |
Updated: | April 23, 2010 |
| Description: |
From the Red Hat alert:
Descriptions in the dialogs when adding and removing PKCS #11 modules were
not informative. An attacker able to trick a user into installing a
malicious PKCS #11 module could use this flaw to install their own
Certificate Authority certificates on a user's machine, making it possible
to trick the user into believing they are viewing a trusted site or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2009-3076) |
| Alerts: |
|
