You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2010-22
Mozilla Foundation Security Advisory 2010-22
Title: Update NSS to support TLS renegotiation indication
Impact: Low
Announced: March 30, 2010
Reporter: Mozilla developers and community
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 3.6.2
Firefox 3.5.9
Thunderbird 3.0.4
SeaMonkey 2.0.4
Description
Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation.
Note that to benefit from the fix, Firefox 3.6 and
Firefox 3.5 users will need to set
their security.ssl.require_safe_negotiation
preference to
true. Firefox 3 does not contain the fix for this issue.