
Can't patch this: Mozilla pulls Firefox encryption feature after just a week



#1 NickAu


Posted 07 April 2015 - 08:50 PM

 

Mozilla has pulled Firefox 37's opportunistic encryption feature after less than a week when it learned that tech designed to enhance security actually broke SSL certificate validation.

A simple patch wouldn't do the trick, so Mozilla opted to release an update, Firefox 37.0.1, that removed opportunistic encryption.

Going into reverse ferret mode and stripping out technology that evidently wasn't ready for prime time is a little embarrassing for Mozilla even though this is the responsible action to take in the circumstances.

Mozilla correctly labels Firefox 37.0.1 as a critical update.

Opportunistic encryption offers some basic encryption of data previously sent as clear text. The vulnerability arises in security flaws within the Alternative Services capability that underpins opportunistic encryption.

The CVE-2015-0799 bug in Mozilla's HTTP Alternative Services implementation – discovered by security researcher Muneaki Nishimura – left surfers vulnerable to man-in-the-middle attacks that involved hackers impersonating genuine sites.

http://www.theregister.co.uk/2015/04/07/mozilla_crypto_encryption_snafu_pull/

 

Chromium Browser is looking better and better every day.


