Mozilla Foundation Security Advisory 2010-72
Title: Insecure Diffie-Hellman key exchange
Announced: October 19, 2010
Reporter: Nelson Bolyard
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 3.6.11
Mozilla cryptographer Nelson Bolyard reported that the SSL implementation was permitting servers to use Diffie-Hellman Ephemeral mode (DHE) with too short of a minimum key length. DHE keys of such lengths are trivially breakable on modern hardware so SSL servers operating in this mode were providing very little effective security for their clients.