Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23561
HistoryApr 06, 2010 - 12:00 a.m.

Mozilla Foundation Security Advisory 2010-22

2010-04-0600:00:00
vulners.com
22

Mozilla Foundation Security Advisory 2010-22

Title: Update NSS to support TLS renegotiation indication
Impact: Low
Announced: March 30, 2010
Reporter: Mozilla developers and community
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.6.2
Firefox 3.5.9
Thunderbird 3.0.4
SeaMonkey 2.0.4
Description

Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation.

Note that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users will need to set their security.ssl.require_safe_negotiation preference to true. Firefox 3 does not contain the fix for this issue.
References

* https://bugzilla.mozilla.org/show_bug.cgi?id=545755
* CVE-2009-3555