Closed Bug 666110 Opened 13 years ago Closed 13 years ago

services.addons.mozilla.org does not support RFC 5746, potentially vulnerable to CVE-2009-3555

Tracking

(Not tracked)

Status:

RESOLVED DUPLICATE of bug 657920

People

(Reporter: dveditz, Unassigned)

References

(
URL
)

Details

Daniel Veditz [:dveditz]

Reporter

Description

•

13 years ago

https://services.addons.mozilla.org/ gives warnings in the error console that it does not support RFC 5746 and is potentially vulnerable to CVE-2009-3555. It does not show the safe SSL indicators if the user has set security.ssl.treat_unsafe_renegotiation_as_broken to true

Daniel Veditz [:dveditz]

Reporter

Comment 1

•

13 years ago

versioncheck.AMO and AMO itself seem to be OK, though.

Corey Shields [:cshields]

Updated

•

13 years ago

Status: NEW → RESOLVED

Closed: 13 years ago

Resolution: --- → DUPLICATE

Nick

Comment 3

•

13 years ago

Firefox 6b2
"versioncheck.addons.mozilla.org : server does not support RFC 5746, see CVE-2009-3555"

Nobody; OK to take it and work on it

Updated

•

9 years ago

Product: mozilla.org → mozilla.org Graveyard

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

services.addons.mozilla.org does not support RFC 5746, potentially vulnerable to CVE-2009-3555

Categories

(mozilla.org Graveyard :: Server Operations, task)

Tracking

(Not tracked)

People

(Reporter: dveditz, Unassigned)

References

(
URL
)

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated

Comment 3

Updated