Bugtraq mailing list archives

RE: OpenSSL Vulnerabilities

From: "Josh Welch" <jwelch () buffalowildwings com>
Date: Fri, 2 Aug 2002 08:45:50 -0500

The vendors listed in the CERT advisory on the OpenSSL vulnerabilities are
all producing server-side software:

http://www.cert.org/advisories/CA-2002-23.html

Does anyone know if Netscape, Opera, Internet Explorer or any of the other
browsers are vulnerable to these issues?

Thanks in advance -- Tina Bird

"Wine is strong, the King is stronger, women are strongest, but TRUTH
          conquers all."
-----     Inscription in the Rosslyn Chapel (near Edinburgh, Scotland)

http://www.shmoo.com/~tbird
Log Analysis http://www.counterpane.com/log-analysis.html
VPN http://vpn.shmoo.com


This just came up on firewall-wizards as a matter of fact, at least the
netscape and internet explorer portion. Those two browsers don't use
OpenSSL, so they shouldn't be affected. I believe links and lynx were
mentioned as using OpenSSL, so those would be affected. Don't know what
Opera uses.

Josh

Current thread:

OpenSSL Vulnerabilities Tina Bird (Aug 01)
- Re: OpenSSL Vulnerabilities troy (Aug 02)
- Re: OpenSSL Vulnerabilities Eric Rescorla (Aug 02)
  - Re: OpenSSL Vulnerabilities Patrick Brauch (Aug 15)
    - Re: OpenSSL Vulnerabilities Sami Dalouche (Aug 15)
- RE: OpenSSL Vulnerabilities Josh Welch (Aug 02)