CVE-2010-3173
Priority
Low
Description
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before
3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey
before 2.0.9 does not properly set the minimum key length for
Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote
attackers to defeat cryptographic protection mechanisms via a brute-force
attack.
3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey
before 2.0.9 does not properly set the minimum key length for
Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote
attackers to defeat cryptographic protection mechanisms via a brute-force
attack.
References
Notes
jdstrand> update merely enforces a stronger key length
jdstrand> needs new NSPR
jdstrand> needs new NSPR
Assigned-to
chriscoulson
Package
| Upstream: | released (3.12.8) |
| Ubuntu 8.04 LTS (Hardy Heron): | released (3.12.8-0ubuntu0.8.04.1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (3.12.8-0ubuntu0.10.04.1) |
| Ubuntu 11.04 (Natty Narwhal): | released (3.12.8-0ubuntu0.10.10.1) |
Package
| Upstream: | released (4.8.6) |
| Ubuntu 8.04 LTS (Hardy Heron): | not-affected |
| Ubuntu 10.04 LTS (Lucid Lynx): | not-affected |
| Ubuntu 11.04 (Natty Narwhal): | not-affected |