of CBC mode block cipher suites was disclosed (http://lasecwww.epfl.ch/memo_ssl.shtml). At present the
implementation of SSL and TLS in NSS is susceptible to this
method. The flaw is exploited against the recipient of sensitive
data, which is normally the server. Servers are vulnerable to
the attack only if they implement all of the following:
* TLS (supported by NSS 2.8 and later);
* cipher suites that use block ciphers;
* application protocols that are likely to receive
sensitive data (for example, passwords) at exactly
the same offset in many messages from a client.

We have implemented a countermeasure and will release NSS patch releases soon. Until updated NSS libraries are available, we recommend the following action:
* Netscape/Mozilla browser users do not need to take
any action. They could choose to disable TLS or
disable CBC mode block cipher suites as a precaution
against vulnerable servers.
* Administrators of servers that are based on NSS 2.8
or later and that enable TLS need to take action.
They could disable TLS or disable CBC mode block
cipher suites.

For more information, please see our article on this security flaw. (http://www.mozilla.org/projects/security/pki/nss/news/vaudenay-cbc.html)
Wan-Teh Chang
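The following is an added illustration, not code from the advisory or from NSS, of why a CBC-mode receiver that reports bad padding and bad MAC differently acts as an oracle, and what the generally recommended countermeasure looks like. It simulates a TLS-style record (data || MAC || padding) with a toy Feistel "block cipher" built from SHA-256 so that it runs without external libraries; the keys, IV and message are constructed, the block cipher is not a real cipher, and the hardened receiver shows the standard fix (treat invalid padding as zero-length padding, still run the MAC check, and return one uniform alert), which is an assumption about the shape of a fix and not a description of the actual NSS patch. Note that it only removes the distinguishable error; timing differences, which later attacks on CBC in TLS exploited, are not addressed here.

```python
import hashlib
import hmac

BLOCK = 16     # block size of the toy cipher, in bytes
MAC_LEN = 32   # HMAC-SHA256 tag length


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# A 4-round Feistel network keyed through SHA-256 stands in for the block
# cipher. It is NOT a real cipher; it only gives CBC something invertible
# to run on so the record-processing logic works without external libraries.
def _round(key: bytes, r: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([r]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        block = ct[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, block), prev))
        prev = block
    return b"".join(out)


def compute_mac(mac_key: bytes, data: bytes) -> bytes:
    return hmac.new(mac_key, data, hashlib.sha256).digest()


def seal(enc_key: bytes, mac_key: bytes, iv: bytes, data: bytes) -> bytes:
    """Sender side: data || MAC || TLS-style padding, then CBC-encrypt.
    TLS padding is pad+1 bytes that all carry the value pad."""
    body = data + compute_mac(mac_key, data)
    pad = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    return cbc_encrypt(enc_key, iv, body + bytes([pad]) * (pad + 1))


def _padding_ok(pt: bytes) -> bool:
    pad = pt[-1]
    return pad + 1 <= len(pt) and pt[-(pad + 1):] == bytes([pad]) * (pad + 1)


def vulnerable_receive(enc_key, mac_key, iv, record):
    """Receiver that reports padding and MAC failures with different alerts.
    That difference is the oracle the advisory's attack depends on."""
    pt = cbc_decrypt(enc_key, iv, record)
    if not _padding_ok(pt):
        return "decryption_failed"          # reveals: padding was invalid
    body = pt[:-(pt[-1] + 1)]
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    if not hmac.compare_digest(tag, compute_mac(mac_key, data)):
        return "bad_record_mac"             # reveals: padding was valid
    return data


def hardened_receive(enc_key, mac_key, iv, record):
    """Receiver that treats bad padding as zero-length padding, always runs
    the MAC check, and answers every failure with the same alert."""
    pt = cbc_decrypt(enc_key, iv, record)
    padding_ok = _padding_ok(pt)
    pad = pt[-1] if padding_ok else 0
    body = pt[:-(pad + 1)]
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    mac_ok = hmac.compare_digest(tag, compute_mac(mac_key, data))
    if not (padding_ok and mac_ok):
        return "bad_record_mac"             # one answer for every failure
    return data


def demo():
    # Constructed keys, IV and message; not taken from any real session.
    enc_key, mac_key, iv = b"E" * 16, b"M" * 16, bytes(BLOCK)
    data = b"user=alice&pw=hunter2"
    record = seal(enc_key, mac_key, iv, data)
    # Flip one IV bit: first plaintext byte changes, padding stays intact.
    bad_iv = bytes([iv[0] ^ 0x01]) + iv[1:]
    # Flip one bit in the last byte of the second-to-last ciphertext block:
    # the padding-length byte of the last plaintext block changes.
    i = len(record) - BLOCK - 1
    bad_pad = record[:i] + bytes([record[i] ^ 0x01]) + record[i + 1:]
    return {
        "intact": vulnerable_receive(enc_key, mac_key, iv, record),
        "vulnerable": (vulnerable_receive(enc_key, mac_key, bad_iv, record),
                       vulnerable_receive(enc_key, mac_key, iv, bad_pad)),
        "hardened": (hardened_receive(enc_key, mac_key, bad_iv, record),
                     hardened_receive(enc_key, mac_key, iv, bad_pad)),
    }


if __name__ == "__main__":
    print(demo())
```

Running demo() shows the vulnerable receiver answering the two corrupted records with two different alerts, while the hardened receiver gives the same alert for both; a server can only be used as the oracle described above when its responses differ in some observable way.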
