Re: OpenSSL Vulnerabilities

From: Eric Rescorla (ekrat_private)
Date: Thu Aug 01 2002 - 22:56:12 PDT

Next message: Tom Yu: "MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin system"

Previous message: troy: "Re: OpenSSL Vulnerabilities"
Next in thread: Patrick Brauch: "Re: OpenSSL Vulnerabilities"
Reply: Patrick Brauch: "Re: OpenSSL Vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Tina Bird <tbird@precision-guesswork.com> writes:

> The vendors listed in the CERT advisory on the OpenSSL vulnerabilities are
> all producing server-side software:
> 
> http://www.cert.org/advisories/CA-2002-23.html
> 
> Does anyone know if Netscape, Opera, Internet Explorer or any of the other
> browsers are vulnerable to these issues?
Netscape and IE both have their own TLS implementations. Netscape uses
NSS and IE uses CAPI/SChannel. Of course, these implementations might
be vulnerable to similar bugs but there's no specific reason to think
they are.

-Ekr

-- 
[Eric Rescorla                                   ekrat_private]
                http://www.rtfm.com/

Next message: Tom Yu: "MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin system"
Previous message: troy: "Re: OpenSSL Vulnerabilities"
Next in thread: Patrick Brauch: "Re: OpenSSL Vulnerabilities"
Reply: Patrick Brauch: "Re: OpenSSL Vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Aug 02 2002 - 11:35:18 PDT