Yesterday, I wrote:
ZDNet says Mozilla products (recent ones, anyway) are safe from the
latest[FN] SSL/TLS security hole:
<http://www.zdnet.com/article/how-to-protect-yourself-against-freak/>
Of course, systems that also use other software are still vulnerable.
For example, even though my SM 2.32.1 passed the test, my fully patched
IE 11 is still vulnerable until I fix it.
--------------------
[FN]--By "latest," I mean "the most recently discovered," not "the most
recently created." This one apparently goes back decades.
Ironically, the group policy workaround described in the ZDNet article
(copied from an M$ security advisory) fixes Internet Exploiter, but
breaks Windows Update. So in order to detect and apply Micro$oft's
forthcoming patch (whenever that may be), you have to remain vulnerable.
Alternatively, you can periodically disable the workaround, restart,
check for updates, reenable the workaround, and restart.
--
War doesn't determine who's right, just who's left.
--
Paul B. Gallagher
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
