CVE-2010-3173

Priority
Low
Description
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before
3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey
before 2.0.9 does not properly set the minimum key length for
Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote
attackers to defeat cryptographic protection mechanisms via a brute-force
attack.
References
Notes
jdstrand> update merely enforces a stronger key length
jdstrand> needs new NSPR
Assigned-to
chriscoulson
Package
Source: nss (LP Ubuntu Debian)
Upstream:released (3.12.8)
Ubuntu 8.04 LTS (Hardy Heron):released (3.12.8-0ubuntu0.8.04.1)
Ubuntu 10.04 LTS (Lucid Lynx):released (3.12.8-0ubuntu0.10.04.1)
Ubuntu 11.04 (Natty Narwhal):released (3.12.8-0ubuntu0.10.10.1)
Package
Source: nspr (LP Ubuntu Debian)
Upstream:released (4.8.6)
Ubuntu 8.04 LTS (Hardy Heron):not-affected
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 11.04 (Natty Narwhal):not-affected
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:21:18 UTC (commit 5347)