CVE-2010-3173

Publication date 20 October 2010

Last updated 24 July 2024


Ubuntu priority

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

Read the notes from the security team

Status

Package Ubuntu Release Status
nspr 10.10 maverick
Not affected
10.04 LTS lucid
Not affected
9.10 karmic
Not affected
9.04 jaunty
Not affected
8.04 LTS hardy
Not affected
6.06 LTS dapper Not in release
nss 10.10 maverick
Fixed 3.12.8-0ubuntu0.10.10.1
10.04 LTS lucid
Fixed 3.12.8-0ubuntu0.10.04.1
9.10 karmic
Fixed 3.12.8-0ubuntu0.9.10.1
9.04 jaunty
Fixed 3.12.8-0ubuntu0.9.04.1
8.04 LTS hardy
Fixed 3.12.8-0ubuntu0.8.04.1
6.06 LTS dapper Not in release

Notes


jdstrand

update merely enforces a stronger key length needs new NSPR

References

Related Ubuntu Security Notices (USN)

Other references