[Secure-testing-team] Bug#611461: iceweasel still does insecure ssl renegotiation?!

Christoph Anton Mitterer calestyo at scientia.net
Sat Jan 29 17:01:48 UTC 2011

Previous message: [Secure-testing-team] Melisadramaix at rediffmail.com has invited you to join Rediff MyPage
Next message: [Secure-testing-team] Bug#611680: dtc-xen - Remote authenticated root exploit
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Package: iceweasel
Version: 3.5.16-4
Severity: grave
Tags: security
Justification: user security hole


Hi.

It seems that iceweasel still is vulnerable to the SSL renegotiation attack,
as simply is configured per default to allow the vulnerable renegotiation:
security.ssl.require_safe_negotiation;true


Cheers,
Chris.

Previous message: [Secure-testing-team] Melisadramaix at rediffmail.com has invited you to join Rediff MyPage
Next message: [Secure-testing-team] Bug#611680: dtc-xen - Remote authenticated root exploit
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Secure-testing-team mailing list