Mozilla Firefox CVE-2015-0834 Information Disclosure Vulnerability

description-logoDescription

Security researcher Alexander Kolesnik reported while the Mozilla platform does not yet support TLS connections to TURN and STUN servers, the WebRTC implementation would accept turns: and stuns: URIs and then attempt plaintext connections to the servers when these were used. This can lead to disclosure of credentials through a Man-in-the-middle (MITM) attack as the connection is not encrypted.

affected-products-logoAffected Applications

Firefox

CVE References

CVE-2015-0834