Bugtraq mailing list archives

Re: OpenSSL Vulnerabilities

From: Eric Rescorla <ekr () rtfm com>
Date: 01 Aug 2002 22:56:12 -0700

Tina Bird <tbird () precision-guesswork com> writes:

The vendors listed in the CERT advisory on the OpenSSL vulnerabilities are
all producing server-side software:

http://www.cert.org/advisories/CA-2002-23.html

Does anyone know if Netscape, Opera, Internet Explorer or any of the other
browsers are vulnerable to these issues?

Netscape and IE both have their own TLS implementations. Netscape uses
NSS and IE uses CAPI/SChannel. Of course, these implementations might
be vulnerable to similar bugs but there's no specific reason to think
they are.

-Ekr

-- 
[Eric Rescorla                                   ekr () rtfm com]
                http://www.rtfm.com/

Current thread:

OpenSSL Vulnerabilities Tina Bird (Aug 01)
- Re: OpenSSL Vulnerabilities troy (Aug 02)
- Re: OpenSSL Vulnerabilities Eric Rescorla (Aug 02)
  - Re: OpenSSL Vulnerabilities Patrick Brauch (Aug 15)
    - Re: OpenSSL Vulnerabilities Sami Dalouche (Aug 15)
- RE: OpenSSL Vulnerabilities Josh Welch (Aug 02)