thr3ads.net - Secure testing team - [Secure-testing-team] Bug#611461: iceweasel still does insecure ssl renegotiation?! [Jan 2011]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Christoph Anton Mitterer

2011-Jan-29 17:01 UTC

[Secure-testing-team] Bug#611461: iceweasel still does insecure ssl renegotiation?!

Package: iceweasel
Version: 3.5.16-4
Severity: grave
Tags: security
Justification: user security hole


Hi.

It seems that iceweasel still is vulnerable to the SSL renegotiation attack,
as simply is configured per default to allow the vulnerable renegotiation:
security.ssl.require_safe_negotiation;true


Cheers,
Chris.

Secure testing team - Jan 2011 - Bug#611461: iceweasel still does insecure ssl renegotiation?!

[Secure-testing-team] Bug#611461: iceweasel still does insecure ssl renegotiation?!