Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2010-3173

Published: 20 October 2010

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

Notes

AuthorNote
jdstrand
update merely enforces a stronger key length
needs new NSPR
Priority

Low

Status

Package Release Status
nspr
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Not vulnerable

jaunty Not vulnerable

karmic Not vulnerable

lucid Not vulnerable

maverick Not vulnerable

upstream
Released (4.8.6)
nss
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (3.12.8-0ubuntu0.8.04.1)
jaunty
Released (3.12.8-0ubuntu0.9.04.1)
karmic
Released (3.12.8-0ubuntu0.9.10.1)
lucid
Released (3.12.8-0ubuntu0.10.04.1)
maverick
Released (3.12.8-0ubuntu0.10.10.1)
upstream
Released (3.12.8)