Mozilla Foundation Security Advisory 2010-22
Update NSS to support TLS renegotiation indication
- March 30, 2010
- Mozilla developers and community
- Firefox, SeaMonkey, Thunderbird
- Fixed in
- Firefox 3.5.9
- Firefox 3.6.2
- SeaMonkey 2.0.4
- Thunderbird 3.0.4
Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation.
Note that to benefit from the fix, Firefox 3.6 and
Firefox 3.5 users will need to set
security.ssl.require_safe_negotiation preference to
true. Firefox 3 does not contain the fix for this issue.