Re: OpenSSL Vulnerabilities

From: Eric Rescorla (ekr@rtfm.com)
Date: 08/02/02


To: Tina Bird <tbird@precision-guesswork.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: 01 Aug 2002 22:56:12 -0700

Tina Bird <tbird@precision-guesswork.com> writes:

> The vendors listed in the CERT advisory on the OpenSSL vulnerabilities are
> all producing server-side software:
>
> http://www.cert.org/advisories/CA-2002-23.html
>
> Does anyone know if Netscape, Opera, Internet Explorer or any of the other
> browsers are vulnerable to these issues?
Netscape and IE both have their own TLS implementations. Netscape uses
NSS and IE uses CAPI/SChannel. Of course, these implementations might
be vulnerable to similar bugs but there's no specific reason to think
they are.

-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/



Relevant Pages

  • Re: Browsers
    ... probably has the best track record in terms of serious ... >> vulnerabilities. ... Opera, on the other hand, has had a few serious ... with Netscape 6/Mozilla 1.0. ...
    (alt.computer.security)
  • [LSD] Java and JVM security vulnerabilities
    ... We would like to inform you about several security vulnerabilities in Java ... vulnerabilities affect at least JVMs used in Netscape Communicator and Microsoft ... changedReward Guidelines of the Bug Bounty program so that now only bugs ...
    (Bugtraq)
  • Re: where is netscape 4 in testing?
    ... Netscape 4 has quite a few known vulnerabilities. ... Kirk Strauser ... To UNSUBSCRIBE, email to debian-user-request@lists.debian.org ...
    (Debian-User)
  • More Browsers Affected by Download.jcet
    ... Netscape and more have joined the ranks of IE to the recent ... Tom ...
    (microsoft.public.security)