-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mozilla's own advisory is here:
https://www.mozilla.org/security/announce/2014/mfsa2014-73.html On 09/30/2014 05:25 AM, raiogam mestri wrote: > McAfee has issued a warning to all the users who use the Mozilla > Firefox browser - and others who share his software encryption. > According to security firm, a serious spoofing vulnerability > signature in Mozilla NSS cryptographic library can allow malicious > people to create tools that can harm consumers with relative ease. > In addition to the Firefox browser, Mozilla NSS library can also > be found in the Thunderbird, Seamonkey and even competitor in > Google Chrome. Nicknamed "berserk", the vulnerability allows > attackers to falsify signatures and divert authentication for sites > that use SSL / TLS - which means that even websites like "https" > can be forged with the malicious drivers. Despite the dangers of > vulnerability, a package of updates for Firefox was released > shortly after the issuance of the alert and is responsible for > neutralization of problems. How Google also uses the encryption > library in question, it is recommended that users of Google Chrome > and Chrome OS also install the updates. > - -- Allen Gunn Executive Director, Aspiration +1.415.216.7252 www.aspirationtech.org Aspiration: "Better Tools for a Better World" Read our Manifesto: http://aspirationtech.org/publications/manifesto Follow us: Facebook: www.facebook.com/aspirationtech Twitter: www.twitter.com/aspirationtech - -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQEcBAEBAgAGBQJUKrO1AAoJENVj9yFHsyq3vysH/j0CBpC70kLBx6aPHMBzyD8H D7AXuZZhGiTpGzzlW1dBhE2x/HqMSmnujVPsdBMF4VM8iicB7ca/3rtSn99Gw9Of kkD8ioNLP5Nnl4Nxysgj57SbBKBiVT/y1DSKhj57RdGn0DOgKue0wFZSculDdk+J BDQwQLQsyUHQdACSTptg1rzRS4lSc6AvA83FOLdUcxtIHExW3bNOG/XsOz6OT5U2 NpmTi/CYcvaOsbqU+ZjL1jBp55BlTV1Vcf64ZiX8F3pCSuSAm7bgwPwryu8t54Kb 2o7mkxR1KBRKjheB7GdFWA0fiG1cQzrYHqFCdmZfvZ4AhhI7P+4vXLfbfSY8SRI= =oHT+ -----END PGP SIGNATURE----- -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
