Mozilla SeaMonkey 2.0.x < 2.0.9 Multiple Vulnerabilities

Binary data 801286.prm...

CVE-2010-3173

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral DHE mode, which makes it easier for remote attackers to defeat...

Mozilla Firefox 3.5.x < 3.5.14 Multiple Vulnerabilities

Binary data 5681.prm...

NSS: insecure Diffie-Hellman key exchange

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral DHE mode, which makes it easier for remote attackers to defeat...

NSS: insecure Diffie-Hellman key exchange

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral DHE mode, which makes it easier for remote attackers to defeat...

Insecure Diffie-Hellman key exchange — Mozilla

Mozilla cryptographer Nelson Bolyard reported that the SSL implementation was permitting servers to use Diffie-Hellman Ephemeral mode DHE with too short of a minimum key length. DHE keys of such lengths are trivially breakable on modern hardware so SSL servers operating in this mode were providin...

firefox, nspr, nss, xulrunner security update

CentOS Errata and Security Advisory CESA-2010:0681 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVS...

DEBIAN-CVE-2010-2939

Double free vulnerability in the ssl3getkeyexchange function in the OpenSSL client ssl/s3clnt.c in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted...

Vulnerability in Diffie-Hellman ciphers affects sendmail on VIOS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 IBM SECURITY ADVISORY First Issued: Mon Mar 29 15:54:57 CDT 2010 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/sendmailadvisory.asc VULNERABILITY SUMMARY VULNERABILITY: AIX sendmail SSL...

OpenSSH 4.4 is available

OpenSSH 4.4 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100 complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community...

FreeBSD : tor -- diffie-hellman handshake flaw (5fde5c30-0f4e-11da-bc01-000e0c2e438a)

A tor advisory reports Tor clients can completely loose anonymity, confidentiality, and data integrity if the first Tor server in their path is malicious. Specifically, if the Tor client chooses a malicious Tor server for her first hop in the circuit, that server can learn all the keys she...

Code injection

nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack...

CVE-2006-1115

CVE-2006-1115 affects nCipher HSM prior to 2.22.6. When generating a Diffie-Hellman public/private key pair without explicit DiscreteLogGroup parameters, the HSM may choose random parameters that could let an attacker recover the private key in less time than a brute-force search. The provided do...

CVE-2006-1115

nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack...

nCipher Advisory #12: Insecure Generation of Diffie-Hellman keys

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 nCipher Security Advisory No. 12 Insecure Generation of Diffie-Hellman keys ------------------------------------------ Note ==== nCipher is publishing three advisories numbered 12, 13, and 14 simultaneously. You are advised to review all three before...

Tor: Information disclosure

Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description The Diffie-Hellman implementation of Tor fails to verify the cryptographic strength of keys which are used during handshakes. Impact By setting up a malicio...

CVE-2005-2643

Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman DH handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit...

CVE-2005-2643

Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman DH handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit...

DEBIAN-CVE-2005-2643

Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman DH handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit...

CVE-2005-2643

Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman DH handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit...