NSS vulnerability

ID USN-2864-1
Type ubuntu
Reporter Ubuntu
Modified 2016-01-07T00:00:00


Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly
allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were
able to perform a man-in-the-middle attack, this flaw could be exploited to
view sensitive information.