[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] McAfee warns of vulnerability in Mozilla encryption

To: "tor-talk@xxxxxxxxxxxxxxxxxxxx" <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-talk] McAfee warns of vulnerability in Mozilla encryption
From: raiogam mestri <raiogam@xxxxxxxxxxx>
Date: Tue, 30 Sep 2014 12:25:45 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 30 Sep 2014 08:31:07 -0400
Importance: Normal
In-reply-to: <mailman.23.1412078402.24140.tor-talk@xxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <mailman.23.1412078402.24140.tor-talk@xxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

McAfee has issued a warning to all the users who use the Mozilla Firefox browser - and others who share his software encryption. According to security firm, a serious spoofing vulnerability signature in Mozilla NSS cryptographic library can allow malicious people to create tools that can harm consumers with relative ease. 
In addition to the Firefox browser, Mozilla NSS library can also be found in the Thunderbird, Seamonkey and even competitor in Google Chrome. Nicknamed "berserk", the vulnerability allows attackers to falsify signatures and divert authentication for sites that use SSL / TLS - which means that even websites like "https" can be forged with the malicious drivers. 
Despite the dangers of vulnerability, a package of updates for Firefox was released shortly after the issuance of the alert and is responsible for neutralization of problems. How Google also uses the encryption library in question, it is recommended that users of Google Chrome and Chrome OS also install the updates. 
 		 	   		  
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] McAfee warns of vulnerability in Mozilla encryption
  - From: Allen Gunn

Prev by Author: Re: [tor-talk] Fwd: Re: Tor 0.2.4.24 and 0.2.5.8-rc are out
Next by Author: Re: [tor-talk] Bittorrent Bleep
Previous by thread: [tor-talk] was router to relay. try torcloud ?e: (no subject)
Next by thread: Re: [tor-talk] McAfee warns of vulnerability in Mozilla encryption
Index(es):
- Author
- Thread