You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2010-72
Mozilla Foundation Security Advisory 2010-72
Title: Insecure Diffie-Hellman key exchange
Impact: Low
Announced: October 19, 2010
Reporter: Nelson Bolyard
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 3.6.11
Firefox 3.5.14
Thunderbird 3.1.5
Thunderbird 3.0.9
SeaMonkey 2.0.9
Description
Mozilla cryptographer Nelson Bolyard reported that the SSL implementation was permitting servers to use Diffie-Hellman Ephemeral mode (DHE) with too short of a minimum key length. DHE keys of such lengths are trivially breakable on modern hardware so SSL servers operating in this mode were providing very little effective security for their clients.