Mozilla

mozilla

Mozilla Foundation Security Advisory 2010-22

Update NSS to support TLS renegotiation indication

Announced
March 30, 2010
Reporter
Mozilla developers and community
Impact
Low
Products
Firefox, SeaMonkey, Thunderbird
Fixed in
  • Firefox 3.5.9
  • Firefox 3.6.2
  • SeaMonkey 2.0.4
  • Thunderbird 3.0.4

Description

Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation.

Note that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users will need to set their security.ssl.require_safe_negotiation preference to true. Firefox 3 does not contain the fix for this issue.

References