NSS: Certificate Authority vulnerabilities

Users of NSS please be advised of a Certificate Authority vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

USN-1007-1: [USN-1007-1] NSS Certificate Authority vulnerabilities
Details follow:

Richard Moore discovered that NSS would sometimes incorrectly match an SSL

certificate which had a Common Name that used a wildcard followed by a partial

IP address. While it is very unlikely that a Certificate Authority would issue

such a certificate, if an attacker were able to perform a man-in-the-middle

attack, this flaw could be exploited to view sensitive information.


Nelson Bolyard discovered a weakness in the Diffie-Hellman Ephemeral mode

(DHE) key exchange implementation which allowed servers to use a too small

key length. (CVE-2010-3173)Read more at http://www.criticalwatch.com