[Bug 1383519] [NEW] SSL 3.0 is vulnerable, browser should not use
Matt Coates
1383519 at bugs.launchpad.net
Mon Oct 20 23:42:52 UTC 2014
*** This bug is a security vulnerability ***
Public security bug reported:
Release: 14.04.1
Version: 33.0+build2-0ubuntu0.14.04.1
Firefox should be configured to avoid falling back to SSL 3.0 which is
a vulnerable protocol. This option should be configured by default.
More detail at:
http://www.kb.cert.org/vuls/id/577193
Browser reconfiguration info can be found at:
http://nakedsecurity.sophos.com/poodle-some-tips-for-turning-off-ssl-3-0/
This is slated to be fixed upstream in version 34, to be released in
late November.
For Ubuntu, the attached prefs files should be sufficient.
(/usr/lib/firefox/defaults/pref/poodle.js)
-Matt
** Affects: firefox (Ubuntu)
Importance: Undecided
Status: New
** Attachment added: "/usr/lib/firefox/defaults/pref/poodle.js"
https://bugs.launchpad.net/bugs/1383519/+attachment/4240850/+files/poodle.js
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1383519
Title:
SSL 3.0 is vulnerable, browser should not use
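
An added example, not part of the original report and not the attached poodle.js: a Python check that scans Firefox preference files for security.tls.version.min, where 0 permits SSL 3.0 and 1 or higher requires at least TLS 1.0. The sample file contents are constructed, and treating an unset pref as 0 is an assumption matching Firefox releases before version 34.

```python
import re

PREF_NAME = "security.tls.version.min"  # 0 = SSL 3.0, 1 = TLS 1.0, 2 = TLS 1.1

# pref("name", 1); or user_pref("name", 1); at the start of a line, so
# lines commented out with // never match.
PREF_RE = re.compile(
    r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(-?\d+)\s*\)\s*;', re.MULTILINE)


def min_version_in(text):
    """Return the last value one file assigns to the pref, or None."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)  # drop /* */ blocks
    values = [int(v) for name, v in PREF_RE.findall(text) if name == PREF_NAME]
    return values[-1] if values else None


def audit(files, builtin_default=0):
    """files maps path -> contents. Returns (ssl3_allowed, {path: value}).

    builtin_default=0 is an assumption (the pre-34 Firefox default).
    Load order between files is not modelled: any file that sets the
    pref below 1 is treated as leaving SSL 3.0 enabled.
    """
    found = {}
    for path, text in files.items():
        value = min_version_in(text)
        if value is not None:
            found[path] = value
    effective = min(found.values()) if found else builtin_default
    return effective < 1, found


# Constructed sample files; this is not the content of the real attachment.
HARDENED = '// Disable SSL 3.0 fallback\npref("security.tls.version.min", 1);\n'
COMMENTED = ('/* pref("security.tls.version.min", 1); */\n'
             '// pref("security.tls.version.min", 1);\n')
WEAK = 'user_pref("security.tls.version.min", 0);\n'

if __name__ == "__main__":
    for label, files in [("no override", {"other.js": COMMENTED}),
                         ("hardened", {"poodle.js": HARDENED}),
                         ("mixed", {"poodle.js": HARDENED, "user.js": WEAK})]:
        allowed, found = audit(files)
        print(label, "-> SSL 3.0 allowed:", allowed, found)
```

To check an installed system, read each .js file under /usr/lib/firefox/defaults/pref/ into the dictionary passed to audit().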