Results 1 to 1 of 1
2010-04-02, 17:50 #1
- Join Date
- Feb 2001
- Silicon Valley, USA
- Thanked 94 Times in 90 Posts
If you ever look in Firefox's error console, you may start seeing error messages similar to the following for secure (HTTPS) sites:
mail.google.com : potentially vulnerable to CVE-2009-3555
bugzilla.mozilla.org : potentially vulnerable to CVE-2009-3555
login.yahoo.com : potentially vulnerable to CVE-2009-3555
In 2009 a flaw was discovered in the SSL/TLS protocol which is widely used in Internet applications, for example when accessing web pages using the "https" method.
This flaw could allow a MITM (man in the middle) to inject data into a connection between an Internet client and an Internet server, and potentially allow an attacker to execute commands using the credentials of an Internet user, or to even steal authentication credentials.
Because the flaw is not specific to any specific software product, but rather a fundamental design flaw, a lot of software using SSL/TLS is vulnerable.