CVE-2010-3173 Information

Description

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

Reference

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
http://secunia.com/advisories/41839
http://secunia.com/advisories/42867
http://support.avaya.com/css/P8/documents/100114250
http://support.avaya.com/css/P8/documents/100120156
http://www.debian.org/security/2010/dsa-2123
http://www.mandriva.com/security/advisories?name=MDVSA-2010:210
http://www.mandriva.com/security/advisories?name=MDVSA-2010:211
http://www.mozilla.org/security/announce/2010/mfsa2010-72.html
http://www.redhat.com/support/errata/RHSA-2010-0781.html
http://www.redhat.com/support/errata/RHSA-2010-0782.html
http://www.ubuntu.com/usn/USN-1007-1
http://www.vupen.com/english/advisories/2011/0061
https://bugzilla.mozilla.org/show_bug.cgi?id=554354
https://bugzilla.mozilla.org/show_bug.cgi?id=583337
https://bugzilla.mozilla.org/show_bug.cgi?id=587234
https://bugzilla.mozilla.org/show_bug.cgi?id=595300
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A12118
