VYPR
Unrated severityNVD Advisory· Published Oct 15, 2014· Updated Jun 17, 2026

CVE-2014-1582

CVE-2014-1582

Description

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an arbitrary recognized Certification Authority.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.