CVE-2013-6659
medium
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
6.4
Description
The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate chain, inconsistent with the user's expectations, by initiating a TLS renegotiation.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| chrome | {"endIncluding":"33.0.1750.116"} | | |
| chrome | 33.0.1750.0 | | |
| chrome | 33.0.1750.1 | | |
| chrome | 33.0.1750.2 | | |
| chrome | 33.0.1750.3 | | |
| chrome | 33.0.1750.4 | | |
| chrome | 33.0.1750.5 | | |
| chrome | 33.0.1750.6 | | |
| chrome | 33.0.1750.7 | | |
| chrome | 33.0.1750.8 | | |
| chrome | 33.0.1750.9 | | |
| chrome | 33.0.1750.10 | | |
| chrome | 33.0.1750.11 | | |
| chrome | 33.0.1750.12 | | |
| chrome | 33.0.1750.13 | | |
| chrome | 33.0.1750.14 | | |
| chrome | 33.0.1750.15 | | |
| chrome | 33.0.1750.16 | | |
| chrome | 33.0.1750.18 | | |
| chrome | 33.0.1750.19 | | |
| chrome | 33.0.1750.20 | | |
| chrome | 33.0.1750.21 | | |
| chrome | 33.0.1750.22 | | |
| chrome | 33.0.1750.23 | | |
| chrome | 33.0.1750.24 | | |
| chrome | 33.0.1750.25 | | |
| chrome | 33.0.1750.26 | | |
| chrome | 33.0.1750.27 | | |
| chrome | 33.0.1750.28 | | |
| chrome | 33.0.1750.29 | | |
| chrome | 33.0.1750.30 | | |
| chrome | 33.0.1750.31 | | |
| chrome | 33.0.1750.34 | | |
| chrome | 33.0.1750.35 | | |
| chrome | 33.0.1750.36 | | |
| chrome | 33.0.1750.37 | | |
| chrome | 33.0.1750.38 | | |
| chrome | 33.0.1750.39 | | |
| chrome | 33.0.1750.40 | | |
| chrome | 33.0.1750.41 | | |
| chrome | 33.0.1750.42 | | |
| chrome | 33.0.1750.43 | | |
| chrome | 33.0.1750.44 | | |
| chrome | 33.0.1750.45 | | |
| chrome | 33.0.1750.46 | | |
| chrome | 33.0.1750.47 | | |
| chrome | 33.0.1750.48 | | |
| chrome | 33.0.1750.49 | | |
| chrome | 33.0.1750.50 | | |
| chrome | 33.0.1750.51 | | |
| chrome | 33.0.1750.52 | | |
| chrome | 33.0.1750.53 | | |
| chrome | 33.0.1750.54 | | |
| chrome | 33.0.1750.55 | | |
| chrome | 33.0.1750.56 | | |
| chrome | 33.0.1750.57 | | |
| chrome | 33.0.1750.58 | | |
| chrome | 33.0.1750.59 | | |
| chrome | 33.0.1750.60 | | |
| chrome | 33.0.1750.61 | | |
| chrome | 33.0.1750.62 | | |
| chrome | 33.0.1750.63 | | |
| chrome | 33.0.1750.64 | | |
| chrome | 33.0.1750.65 | | |
| chrome | 33.0.1750.66 | | |
| chrome | 33.0.1750.67 | | |
| chrome | 33.0.1750.68 | | |
| chrome | 33.0.1750.69 | | |
| chrome | 33.0.1750.70 | | |
| chrome | 33.0.1750.71 | | |
| chrome | 33.0.1750.73 | | |
| chrome | 33.0.1750.74 | | |
| chrome | 33.0.1750.75 | | |
| chrome | 33.0.1750.76 | | |
| chrome | 33.0.1750.77 | | |
| chrome | 33.0.1750.79 | | |
| chrome | 33.0.1750.80 | | |
| chrome | 33.0.1750.81 | | |
| chrome | 33.0.1750.82 | | |
| chrome | 33.0.1750.83 | | |
| chrome | 33.0.1750.85 | | |
| chrome | 33.0.1750.88 | | |
| chrome | 33.0.1750.89 | | |
| chrome | 33.0.1750.90 | | |
| chrome | 33.0.1750.91 | | |
| chrome | 33.0.1750.92 | | |
| chrome | 33.0.1750.93 | | |
| chrome | 33.0.1750.104 | | |
| chrome | 33.0.1750.106 | | |
| chrome | 33.0.1750.107 | | |
| chrome | 33.0.1750.108 | | |
| chrome | 33.0.1750.109 | | |
| chrome | 33.0.1750.110 | | |
| chrome | 33.0.1750.111 | | |
| chrome | 33.0.1750.112 | | |
| chrome | 33.0.1750.113 | | |
| chrome | 33.0.1750.115 | |
References
- http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html
- http://www.debian.org/security/2014/dsa-2883
- https://code.google.com/p/chromium/issues/detail?id=306959
- https://src.chromium.org/viewvc/chrome?revision=229611&view=revision
- http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html
- http://www.debian.org/security/2014/dsa-2883
- https://code.google.com/p/chromium/issues/detail?id=306959
- https://src.chromium.org/viewvc/chrome?revision=229611&view=revision
CWEs
CWE-310
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.