Detections
Analytics
CVE-2010-3173
high
Description
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12118
https://bugzilla.mozilla.org/show_bug.cgi?id=595300
https://bugzilla.mozilla.org/show_bug.cgi?id=587234
https://bugzilla.mozilla.org/show_bug.cgi?id=583337
https://bugzilla.mozilla.org/show_bug.cgi?id=554354
http://www.vupen.com/english/advisories/2011/0061
http://www.ubuntu.com/usn/USN-1007-1
http://www.redhat.com/support/errata/RHSA-2010-0782.html
http://www.redhat.com/support/errata/RHSA-2010-0781.html
http://www.mozilla.org/security/announce/2010/mfsa2010-72.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:211
http://www.mandriva.com/security/advisories?name=MDVSA-2010:210
http://www.debian.org/security/2010/dsa-2123
http://support.avaya.com/css/P8/documents/100120156
http://support.avaya.com/css/P8/documents/100114250
http://secunia.com/advisories/42867
http://secunia.com/advisories/41839
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox