openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network...

security flaw

The 1 Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the 2 Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a...

netscape.msredir.txt

The first version of this document was created by Georgi Guninski, i would like to report that this bug also works on netscape Tested 4.7. I added the document with needed changes for netscape. Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The...

lydia.passwd.txt

Yet Another password storing problem was: Re: Possible Netscape Yiorgos Adamopoulos [email protected] Fri, 19 Feb 1999 16:58:13 +0200 On Tue, Feb 16, 1999 at 01:02:08PM -0600, HD Moore wrote: The password is still in the registry after you close netscape, Now that we are talking about...