Mozilla Foundation Security Advisory 2010-22
Title: Update NSS to support TLS renegotiation indication
Announced: March 30, 2010
Reporter: Mozilla developers and community
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 3.6.2
Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation.
Note that to benefit from the fix, Firefox 3.6 and
Firefox 3.5 users will need to set
security.ssl.require_safe_negotiation preference to
true. Firefox 3 does not contain the fix for this issue.