Mozilla plans to disable Secure Sockets Layer encryption (secure layer or SSL connection, as the acronym) in the latest version of its Firefox browser that will be released on November 25, after a vulnerability was discovered called Poodle. "By exploiting this vulnerability, an attacker gains access to passwords and cookies, entering data into the private accounts of users on a web," Mozilla said in its blog. SSL 3.0 will be disabled by default in Firefox 34, Mozilla said. The code to disable the security protocol will be available shortly in Mozilla Nightly, a development version of the Mozilla browser.
TLS Protocol Mozilla Firefox has also said it will support a 35 TLS protocol with a mechanism called SCSV minor upgrade (Signaling Cipher Suite Value) as a precaution. The vulnerability Poodle, stands for Padding Oracle Encryption On Downloaded Legacy, was recently discovered by engineers from Google. Allows attackers to steal data from an encrypted transaction.
0 comments:
Post a Comment