Users of Mozilla's Network Security Services (NSS): please be advised that new packages fix cryptographic weaknesses that have been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
DSA 2123-1: New NSS packages fix cryptographic weaknesses
Several vulnerabilities have been discovered in Mozilla's Network
Security Services (NSS) library. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2010-3170
NSS recognizes a wildcard IP address in the subject's Common
Name field of an X.509 certificate, which might allow
man-in-the-middle attackers to spoof arbitrary SSL servers via
a crafted certificate issued by a legitimate Certification
Authority.
CVE-2010-3173
NSS does not properly set the minimum key length for
Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
remote attackers to defeat cryptographic protection mechanisms
via a brute-force attack.
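
To illustrate CVE-2010-3170, here is an added example (not NSS code and not part of the advisory): a label-wise name matcher with no IP awareness beside a stricter one that matches an IP host only against the identical literal address. The function names, the constructed sample names, and the left-most-label wildcard policy are assumptions of this sketch.

```python
import ipaddress

def is_ip_literal(name: str) -> bool:
    """True if name parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def looks_like_ip_pattern(pattern: str) -> bool:
    """True if every label is '*' or all digits, e.g. '192.0.2.*'."""
    return all(lab == "*" or lab.isdigit() for lab in pattern.split("."))

def naive_match(pattern: str, host: str) -> bool:
    """Label-wise wildcard match with no IP awareness (the flawed behaviour)."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and all(a == "*" or a == b for a, b in zip(p, h))

def strict_match(pattern: str, host: str) -> bool:
    """Wildcard match that never applies a wildcard to an IP address."""
    pattern, host = pattern.lower(), host.lower()
    if is_ip_literal(host):
        # An IP host matches only the identical literal address.
        return is_ip_literal(pattern) and (
            ipaddress.ip_address(pattern) == ipaddress.ip_address(host))
    if "*" not in pattern:
        return pattern == host
    if looks_like_ip_pattern(pattern):
        return False
    p, h = pattern.split("."), host.split(".")
    # Assumed policy: '*' is the whole left-most label, followed by >= 2 labels.
    if p[0] != "*" or "*" in "".join(p[1:]) or len(p) < 3:
        return False
    return len(p) == len(h) and p[1:] == h[1:]

# Constructed sample names (RFC 5737 / RFC 2606 documentation ranges).
SAMPLES = [
    ("192.0.2.*", "192.0.2.10"),
    ("*.example.com", "www.example.com"),
    ("*.example.com", "example.com"),
    ("192.0.2.10", "192.0.2.10"),
]

def compare():
    """Return (pattern, host, naive result, strict result) for each sample."""
    return [(p, h, naive_match(p, h), strict_match(p, h)) for p, h in SAMPLES]
```

Calling `compare()` shows the two matchers disagreeing only on the wildcard IP pattern, which is the case the advisory describes.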