Package: iceweasel
Version: 3.5.16-4
Severity: grave
Tags: security
Justification: user security hole
Hi.
It seems that iceweasel still is vulnerable to the SSL renegotiation attack,
as it simply is configured per default to allow the vulnerable renegotiation:
On Saturday 29 January 2011, Christoph Anton Mitterer wrote:
It seems that iceweasel still is vulnerable to the SSL
renegotiation attack, as it simply is configured per default to allow
the vulnerable renegotiation:
This has to be balanced between compatibility and security. Currently
less than
On Sat, 2011-01-29 at 18:47 +0100, Stefan Fritsch wrote:
This has to be balanced between compatibility and security. Currently
less than 50% of the servers on the internet are patched. So it is
sensible to not deny renegotiation for unpatched servers.
Patched servers usually won't allow
On 01/29/2011 01:12 PM, Christoph Anton Mitterer wrote:
On Sat, 2011-01-29 at 18:47 +0100, Stefan Fritsch wrote:
This has to be balanced between compatibility and security. Currently
less than 50% of the servers on the internet are patched. So it is
sensible to not deny renegotiation for