[Pidgin] #14670: Outdated NSS included with Windows installer
Pidgin
trac at pidgin.im
Mon Feb 11 15:59:31 EST 2013
#14670: Outdated NSS included with Windows installer
---------------------------------+------------------------------
Reporter: itsnotabigtruck | Owner: datallah
Type: defect | Status: closed
Milestone: 2.10.7 | Component: winpidgin (gtk)
Version: 2.10.0 | Resolution: fixed
Keywords: ssl tls nss windows |
---------------------------------+------------------------------
Comment (by DrWhax):
I discussed with Tom Ritter yesterday whether IM clients would be
vulnerable to the "lucky thirteen" attack and this would not be quite the
case since you can't force someone what the attacker wants for thousands
of times (maybe if he has a libpurple/pidgin 0day, but it would be more
trivial to eavesdrop and install a keylogger then..)
Although.. it's better to be safe and include the latest NSS release with
the lucky thirteen fix!
--
Ticket URL: <https://developer.pidgin.im/ticket/14670#comment:6>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list