Arch Linux Security Advisory ASA-201504-4 ========================================= Severity: Critical Date : 2015-04-04 CVE-ID : CVE-2015-0799 Package : firefox Type : certificate verification bypass Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package firefox before version 37.0.1-1 is vulnerable to certificate verification bypass. Resolution ========== Upgrade to 37.0.1-1. # pacman -Syu "firefox>=37.0.1-1" The problem has been fixed upstream in version 37.0.1. Workaround ========== None. Description =========== Security researcher Muneaki Nishimura discovered a flaw in the Mozilla's HTTP Alternative Services implementation. If an Alt-Svc header is specified in the HTTP/2 response, SSL certificate verification can be bypassed for the specified alternate server. As a result of this, warnings of invalid SSL certificates will not be displayed and an attacker could potentially impersonate another site through a man-in-the-middle (MTIM), replacing the original certificate with their own. Impact ====== A remote attacker in position of man-in-the-middle can impersonate another site, bypassing certificate validation. References ========== https://www.mozilla.org/en-US/security/advisories/mfsa2015-44/ https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0799