Delivery-Date: Tue, 30 Sep 2014 08:31:07 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 6CAC11E0A25;
	Tue, 30 Sep 2014 08:31:06 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id BBF102DED7;
	Tue, 30 Sep 2014 12:31:01 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 903452D048
 for <tor-talk@lists.torproject.org>; Tue, 30 Sep 2014 12:30:57 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id t8_GAtQYwYav for <tor-talk@lists.torproject.org>;
 Tue, 30 Sep 2014 12:30:57 +0000 (UTC)
X-Greylist: delayed 310 seconds by postgrey-1.34 at eugeni;
 Tue, 30 Sep 2014 12:30:57 UTC
Received: from BLU004-OMC3S1.hotmail.com (blu004-omc3s1.hotmail.com
 [65.55.116.76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 628542CABB
 for <tor-talk@lists.torproject.org>; Tue, 30 Sep 2014 12:30:57 +0000 (UTC)
Received: from BLU180-W39 ([65.55.116.74]) by BLU004-OMC3S1.hotmail.com with
 Microsoft SMTPSVC(7.5.7601.22724); Tue, 30 Sep 2014 05:25:45 -0700
X-TMN: [sS698PAOk2t5kf+UB2vAXxPxi2RJ+p3U]
X-Originating-Email: [raiogam@hotmail.com]
Message-ID: <BLU180-W39BCBA7FCF511267C3C312B1BB0@phx.gbl>
From: raiogam mestri <raiogam@hotmail.com>
To: "tor-talk@lists.torproject.org" <tor-talk@lists.torproject.org>
Date: Tue, 30 Sep 2014 12:25:45 +0000
Importance: Normal
In-Reply-To: <mailman.23.1412078402.24140.tor-talk@lists.torproject.org>
References: <mailman.23.1412078402.24140.tor-talk@lists.torproject.org>
MIME-Version: 1.0
X-OriginalArrivalTime: 30 Sep 2014 12:25:45.0132 (UTC)
 FILETIME=[A87C0EC0:01CFDCA9]
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: [tor-talk] McAfee warns of vulnerability in Mozilla encryption
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

McAfee has issued a warning to all the users who use the Mozilla Firefox browser - and others who share his software encryption. According to security firm, a serious spoofing vulnerability signature in Mozilla NSS cryptographic library can allow malicious people to create tools that can harm consumers with relative ease. 
In addition to the Firefox browser, Mozilla NSS library can also be found in the Thunderbird, Seamonkey and even competitor in Google Chrome. Nicknamed "berserk", the vulnerability allows attackers to falsify signatures and divert authentication for sites that use SSL / TLS - which means that even websites like "https" can be forged with the malicious drivers. 
Despite the dangers of vulnerability, a package of updates for Firefox was released shortly after the issuance of the alert and is responsible for neutralization of problems. How Google also uses the encryption library in question, it is recommended that users of Google Chrome and Chrome OS also install the updates. 
 		 	   		  
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

