Bug#611461: iceweasel still does insecure ssl renegotiation?!

Christoph Anton Mitterer calestyo at scientia.net
Sat Jan 29 17:01:48 UTC 2011

Previous message: Getting GPG signature verification error The following signatures were invalid: NODATA 1 NODATA 2
Next message: Bug#611461: iceweasel still does insecure ssl renegotiation?!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Package: iceweasel
Version: 3.5.16-4
Severity: grave
Tags: security
Justification: user security hole


Hi.

It seems that iceweasel still is vulnerable to the SSL renegotiation attack,
as simply is configured per default to allow the vulnerable renegotiation:
security.ssl.require_safe_negotiation;true


Cheers,
Chris.

Previous message: Getting GPG signature verification error The following signatures were invalid: NODATA 1 NODATA 2
Next message: Bug#611461: iceweasel still does insecure ssl renegotiation?!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the pkg-mozilla-maintainers mailing list