CVE-2016-5284 - log back

CVE-2016-5284 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Certificate verification bypass
Description
+ Due to flaws in the process used to update "Preloaded Public Key Pinning", the pinning for add-on updates became ineffective in early September. An attacker who was able to get a mis-issued certificate for a Mozilla web site could send malicious add-on updates to users on networks controlled by the attacker. Users who have not installed any add-ons are not affected.
References
+ https://blog.mozilla.org/security/2016/09/16/update-on-add-on-pinning-vulnerability/
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1303127
Notes