Full Disclosure mailing list archives

Re: More OpenSSL issues

From: Brandon Vincent <Brandon.Vincent () asu edu>
Date: Thu, 05 Jun 2014 18:46:29 -0700

Per the security advisory:

"The attack can only be performed between a vulnerable client *and* server."

This would have produced quite a media nightmare if most browsers used
OpenSSL instead of NSS, etc.

Chrome for Android was affected and is patched in 35.0.1916.141.

Brandon Vincent

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

More OpenSSL issues Jordan Urie (Jun 05)
- Re: More OpenSSL issues Brandon Vincent (Jun 05)
- Re: More OpenSSL issues P Vixie (Jun 06)
  - Re: More OpenSSL issues Craig Young (Jun 07)