Secunia recommending additional tweak for Firefox

*

Offline ky331

« on: March 31, 2010, 06:10:14 PM »
Secunia today (31 March) has updated its security advisories for Firefox 3.6.2 (and 3.5.9), telling users to set the "security.ssl.require_safe_negotiation" preference to "true".
(Note: This can be accessed in Firefox by going to the address bar and typing in about:config)
Aside from the Secunia references (cited below), this doesn't seem to have gotten much publicity yet.
Does anyone have any thoughts on this advice, or on the actual impact it has on Firefox?
Is this a temporary work-around? Or something that should be left in place permanently?

for ff 3.6.2, http://secunia.com/advisories/38608/
for ff 3.5.9, http://secunia.com/advisories/39136/

*

Offline PCBruiser

Re: Secunia recommending additional tweak for Firefox
« Reply #1 on: April 01, 2010, 07:23:36 AM »
The bad news is that when I set that to "True" I couldn't access any of my financial service company sites. FF wouldn't even load their front page, which is before trying to log in. The good news is that you can change the setting back without ill effect. As to whether there is a real hole or not, that looks somewhat muddy at this point, very unclear.

I'd be very cautious with this until the situation clarifies.
Don't Read?  Can't learn!

*

Offline ky331

Re: Secunia recommending additional tweak for Firefox
« Reply #2 on: April 01, 2010, 08:11:44 AM »
I implemented their "fix" last night, but didn't get around to surfing in firefox until just now.

It appears that I can no longer access ANY secure (https://) site!!

So like you, I'm changing it back...  

EDIT: I was going to make an appropriate EDIT in my original post above, but there's no MODIFY button for it :(
« Last Edit: April 01, 2010, 08:20:21 AM by ky331 »

*

Offline PCBruiser

Re: Secunia recommending additional tweak for Firefox
« Reply #3 on: April 02, 2010, 12:11:16 PM »
FYI: Firefox 3.6.3 has just been released, which supposedly fixes this vulnerability. I encourage users to update to that version.
Don't Read?  Can't learn!