CVE-2014-8642

CVE Database · CVE-2014-8642

CVE-2014-8642

· N/AModified

CVSS v3.1

N/A

EPSS

1.57%

Published

Jan 14, 2015

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate.

Weaknesses (CWE)

CWE-310

Affected Products (4)

mozilla · seamonkeyvulnerable

opensuse · opensusevulnerable

mozilla · firefoxvulnerable

References (20)

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html

http://secunia.com/advisories/62242

http://secunia.com/advisories/62250

http://secunia.com/advisories/62253