Klarinet Archive - Posting 000647.txt from 2000/05
From: "Mark Charette" <charette@-----.org> Subj: [kl] Security hole in Netscape Date: Fri, 12 May 2000 18:41:17 -0400
Since many of you may be using Netscape Navigator/Communicator I thought it
would be wise to let you know of a serious security flaw in versions 4.72
and below when connecting to a secure (SSL) page (normally one used for
e-commerce). A malicious site could hijack your secure information without
your knowledge. The fix is to either upgrade to 4.73 or above, or download
the Personal Security Manager for Netscape at
http://www.iplanet.com/downloads/download/detail_128_316.html
This information comes from:
CERT Advisory CA-2000-05
Netscape Navigator Improperly Validates SSL Sessions
Original release date: May 12, 2000
Source: ACROS, CERT/CC
The full CERT advisory text is at:
http://www.cert.org/advisories/CA-2000-05.html
Mark Charette@-----.org
Webmaster, http://www.sneezy.org
---------------------------------------------------------------------
Unsubscribe from Klarinet, e-mail: klarinet-unsubscribe@-----.org
Subscribe to the Digest: klarinet-digest-subscribe@-----.org
Additional commands: klarinet-help@-----.org
Other problems: klarinet-owner@-----.org
|
|
|