Thank you for using Ubuntu and filing a bug. I am going to mark this as
"Won't Fix" for now since we don't want to disable SSLv3 ahead of
upstream of the rest of the internet. Firefox plans to disable SSLv3 by
default soon, so this update will happen when the new upstream release
is pushed to Ubuntu.
** Changed in: firefox (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1383519
Title:
SSL 3.0 is vulnerable, browser should not use
Status in “firefox” package in Ubuntu:
Won't Fix
Bug description:
Release:14.04.1
Version: 33.0+build2-0ubuntu0.14.04.1
Firefox should be configured to avoid falling back kto SSL 3.0 which
is a vulnerable protocol. This option should be configured by default.
More detail at:
http://www.kb.cert.org/vuls/id/577193
Browser reconfiguration info can be found at:
http://nakedsecurity.sophos.com/poodle-some-tips-for-turning-off-ssl-3-0/
This is slated to be fixed upstream in version 34, to be released in
late November.
For Ubuntu, the attached prefs files should be suficient.
(/usr/lib/firefox/defaults/pref/poodle.js)
-Matt
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1383519/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
