Klarinet Archive - Posting 000696.txt from 2000/05

From: fsheim@-----.com
Subj: Re: [kl] Security hole in Netscape
Date: Sun, 14 May 2000 11:25:23 -0400

I am downloading 4.73. Does this mean that I will not need the patch you
mention?

Fred (fsheim@-----.com)

At 06:41 PM 5/12/00 -0400, you wrote:
>Since many of you may be using Netscape Navigator/Communicator I thought it
>would be wise to let you know of a serious security flaw in versions 4.72
>and below when connecting to a secure (SSL) page (normally one used for
>e-commerce). A malicious site could hijack your secure information without
>your knowledge. The fix is to either upgrade to 4.73 or above, or download
>the Personal Security Manager for Netscape at
>http://www.iplanet.com/downloads/download/detail_128_316.html
>
>This information comes from:
>
>CERT Advisory CA-2000-05
>Netscape Navigator Improperly Validates SSL Sessions
>
>Original release date: May 12, 2000
>Source: ACROS, CERT/CC
>
>The full CERT advisory text is at:
>http://www.cert.org/advisories/CA-2000-05.html
>
>Mark Charette@-----.org
>Webmaster, http://www.sneezy.org
>
>
>---------------------------------------------------------------------
>Unsubscribe from Klarinet, e-mail: klarinet-unsubscribe@-----.org
>Subscribe to the Digest: klarinet-digest-subscribe@-----.org
>Additional commands: klarinet-help@-----.org
>Other problems: klarinet-owner@-----.org
>
>

---------------------------------------------------------------------
Unsubscribe from Klarinet, e-mail: klarinet-unsubscribe@-----.org
Subscribe to the Digest: klarinet-digest-subscribe@-----.org
Additional commands: klarinet-help@-----.org
Other problems: klarinet-owner@-----.org