Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability

Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability

References:

30 Jul 2009: How the Kaminsky SSL talk at Black Hat affects various OSS librarie (Mark J. Cox)
Bug 510251 CVE-2009-2408 firefox/nss: doesn't handle NULL in Common Name properl (Mark J. Cox)
Camino 1.6.9 Release Notes (Mozilla)
Merry Certmas! CN=*\x00thoughtcrime.noisebridge.net (Jacob Appelbaum)
More Tricks For Defeating SSL (Moxie Marlinspike)
Mozilla Firefox Homepage (Mozilla)
Network Security Services (NSS) Homepage (Mozilla)
Null Prefix Attacks Against SSL/TLS Certificates (Moxie Marlinspike)
SSL flaw revealed at Black Hat (Wendy Grossman)
Vulnerabilities Allow Attacker to Impersonate Any Website (Kim Zetter)
MFSA 2009-42: Compromise of SSL-protected communication (Mozilla)
Reflection for Secure IT UNIX Client and Server 7.2 Service Pack 1 New Features (Attachmate)
Reflection for Secure IT Windows Server 7.2 Service Pack 1 New Features and Rele (Attachmate)
Solution 269468 : Security Vulnerability in Mozilla Thunderbird Related to SS (Sun)

Privacy Statement
Copyright 2010, SecurityFocus