CVE-2010-3173
EPSS 2.3%
Description
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
How to fix CVE-2010-3173
To remediate CVE-2010-3173, upgrade the affected package to a fixed version below.
- Debian/nss: upgrade to 3.12.8-1 or later
Is CVE-2010-3173 being exploited?
Low — EPSS is 2.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/nss: from 0, < 3.12.8-1