1208731 – (CVE-2015-0799) CVE-2015-0799 Mozilla: Certificate verification bypass through the HTTP/2 Alt-Svc header (MFSA 2015-44)

Bug 1208731 (CVE-2015-0799) - CVE-2015-0799 Mozilla: Certificate verification bypass through the HTTP/2 Alt-Svc header (MFSA 2015-44)

Summary: CVE-2015-0799 Mozilla: Certificate verification bypass through the HTTP/2 Alt...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2015-0799
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1208733
TreeView+	depends on / blocked

Reported:	2015-04-03 03:40 UTC by Huzaifa S. Sidhpurwala
Modified:	2026-06-12 10:14 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2015-04-03 03:45:53 UTC
Embargoed:

Attachments	(Terms of Use)

Description Huzaifa S. Sidhpurwala 2015-04-03 03:40:53 UTC

Security researcher Muneaki Nishimura discovered a flaw in the Mozilla's HTTP Alternative Services implementation. If an Alt-Svc header is specified in the HTTP/2 response, SSL certificate verification can be bypassed for the specified alternate server. As a result of this, warnings of invalid SSL certificates will not be displayed and an attacker could potentially impersonate another site through a man-in-the-middle (MTIM), replacing the original certificate with their own. 


External Reference:

http://www.mozilla.org/security/announce/2015/mfsa2015-44.html


Acknowledgements:

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Muneaki Nishimura as the original reporter.

Statement:

This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.

Comment 1 Lucas Fernandez 2026-06-12 10:14:36 UTC

Work break so short it feels like lightning bug flicker, slammed tablet Wi-Fi hit sexcamscafe.com and keyed "sex live" outta habit; pop straight into room thick-Thighed Latina cosplaying Lara-Croft wielding silicone artifact look funnier than Tomb-Raider sequel porn parody she stuffin with grin askin tokens every vibe upgrade like carnival hammer bell ready to pop. Couples rooms featuring Kansas farmhouse gal moaning more dramatic than wheat-field tornado she riding hubby reverse he keeps hat never falls classic Midwest miracle hat on headgear during tornado. Place guarantees adult cams require zero BS registration so lurk until fingers wrinkle then tip like rounding up bar tab spare change-no brainer fun.
https://livesexcamsxxx.org/bellad0nna/
https://sexcamscafe.com/NicolleStark/
https://sexcamshub.cc/SweetAlegra_/
 Woke too damn early thanks thunderstorm, opened livesexcamsxxx.org phone balanced on belly connected motel shaky Wi-Fi hit "live cam strip" search, instant room fulla Cali surfer chick packing massive tits ridin' longboard shaped toy calls it cardio while whole room egging her splashing tokens like Pacific waves hitting reef-felt practically sea spray on screen. Swap group couples tag find Oregon hippie-duo puffin herbal same-time bangin' missionary while lava lamp syncing lava pace, hell soothing like fish-eye lens on lava lamp. Entire joint waves bye-bye wallet needed you want purely peek so grab coffee let 'em entertain till sunrise gratis like PBS funded by dirty-minded viewers not tax dollars.

Note You need to log in before you can comment on or make changes to this bug.