Security Advisory

CVE-2020-12421

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-07-09 14:39:37

Last updated 2024-08-04 11:56:51

Assigner mozilla

State PUBLISHED

Description

When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

← Browse all CVEs View on cve.org ↗