[Pidgin] #14670: Outdated NSS included with Windows installer

Pidgin trac at pidgin.im
Mon Feb 11 15:59:31 EST 2013

#14670: Outdated NSS included with Windows installer
 Reporter:  itsnotabigtruck      |       Owner:  datallah
     Type:  defect               |      Status:  closed
Milestone:  2.10.7               |   Component:  winpidgin (gtk)
  Version:  2.10.0               |  Resolution:  fixed
 Keywords:  ssl tls nss windows  |

Comment (by DrWhax):

 I discussed with Tom Ritter yesterday whether IM clients would be
 vulnerable to the "lucky thirteen" attack and this would not be quite the
 case since you can't force someone what the attacker wants for thousands
 of times (maybe if he has a libpurple/pidgin 0day, but it would be more
 trivial to eavesdrop and install a keylogger then..)

 Although.. it's better to be safe and include the latest NSS release with
 the lucky thirteen fix!

Ticket URL: <https://developer.pidgin.im/ticket/14670#comment:6>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list