[tor-talk] McAfee warns of vulnerability in Mozilla encryption

Allen Gunn gunner at aspirationtech.org
Tue Sep 30 13:44:21 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mozilla's own advisory is here:

https://www.mozilla.org/security/announce/2014/mfsa2014-73.html

On 09/30/2014 05:25 AM, raiogam mestri wrote:
> McAfee has issued a warning to all the users who use the Mozilla
> Firefox browser - and others who share his software encryption.
> According to security firm, a serious spoofing vulnerability
> signature in Mozilla NSS cryptographic library can allow malicious
> people to create tools that can harm consumers with relative ease.
>  In addition to the Firefox browser, Mozilla NSS library can also
> be found in the Thunderbird, Seamonkey and even competitor in
> Google Chrome. Nicknamed "berserk", the vulnerability allows
> attackers to falsify signatures and divert authentication for sites
> that use SSL / TLS - which means that even websites like "https"
> can be forged with the malicious drivers. Despite the dangers of
> vulnerability, a package of updates for Firefox was released
> shortly after the issuance of the alert and is responsible for
> neutralization of problems. How Google also uses the encryption
> library in question, it is recommended that users of Google Chrome
> and Chrome OS also install the updates. 
> 

- -- 

Allen Gunn
Executive Director, Aspiration
+1.415.216.7252
www.aspirationtech.org

Aspiration: "Better Tools for a Better World"

Read our Manifesto: http://aspirationtech.org/publications/manifesto

Follow us:
Facebook: www.facebook.com/aspirationtech
Twitter:  www.twitter.com/aspirationtech

- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQEcBAEBAgAGBQJUKrO1AAoJENVj9yFHsyq3vysH/j0CBpC70kLBx6aPHMBzyD8H
D7AXuZZhGiTpGzzlW1dBhE2x/HqMSmnujVPsdBMF4VM8iicB7ca/3rtSn99Gw9Of
kkD8ioNLP5Nnl4Nxysgj57SbBKBiVT/y1DSKhj57RdGn0DOgKue0wFZSculDdk+J
BDQwQLQsyUHQdACSTptg1rzRS4lSc6AvA83FOLdUcxtIHExW3bNOG/XsOz6OT5U2
NpmTi/CYcvaOsbqU+ZjL1jBp55BlTV1Vcf64ZiX8F3pCSuSAm7bgwPwryu8t54Kb
2o7mkxR1KBRKjheB7GdFWA0fiG1cQzrYHqFCdmZfvZ4AhhI7P+4vXLfbfSY8SRI=
=oHT+
-----END PGP SIGNATURE-----


More information about the tor-talk mailing list