logo
DATABASE RESOURCES PRICING ABOUT US

Mozilla Foundation Security Advisory 2010-72

Description

Mozilla Foundation Security Advisory 2010-72 Title: Insecure Diffie-Hellman key exchange Impact: Low Announced: October 19, 2010 Reporter: Nelson Bolyard Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.11 Firefox 3.5.14 Thunderbird 3.1.5 Thunderbird 3.0.9 SeaMonkey 2.0.9 Description Mozilla cryptographer Nelson Bolyard reported that the SSL implementation was permitting servers to use Diffie-Hellman Ephemeral mode (DHE) with too short of a minimum key length. DHE keys of such lengths are trivially breakable on modern hardware so SSL servers operating in this mode were providing very little effective security for their clients. References * Weak DHE key bugs * CVE-2010-3173


Related