Unrated severityNVD Advisory· Published Jan 18, 2014· Updated Apr 29, 2026

CVE-2013-1740

Description

The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.

Affected products

Mozilla Corporation/Network Security Services47 versions
cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*+ 46 more
- cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*range: <=3.15.3
- cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.14.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*
osv-coords
pkg:rpm/opensuse/mozilla-nss&distro=openSUSE%20Tumbleweed
Range: < 3.26.2-1.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000