You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2010-22

Mozilla Foundation Security Advisory 2010-22

Title: Update NSS to support TLS renegotiation indication
Impact: Low
Announced: March 30, 2010
Reporter: Mozilla developers and community
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.6.2
  Firefox 3.5.9
  Thunderbird 3.0.4
  SeaMonkey 2.0.4

Description

Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation.

Note that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users will need to set their security.ssl.require_safe_negotiation preference to true. Firefox 3 does not contain the fix for this issue.

References