[26520] in bugtraq
Re: OpenSSL Vulnerabilities
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Fri Aug 2 14:35:45 2002
To: Tina Bird <tbird@precision-guesswork.com>
Cc: bugtraq@securityfocus.com, cert@cert.org, <tsg@shmoo.com>
Reply-To: EKR <ekr@rtfm.com>
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
From: Eric Rescorla <ekr@rtfm.com>
Date: 01 Aug 2002 22:56:12 -0700
In-Reply-To: Tina Bird's message of "Wed, 31 Jul 2002 21:29:14 +0000 (GMT)"
Message-ID: <kj4redajnn.fsf@romeo.rtfm.com>
Tina Bird <tbird@precision-guesswork.com> writes:
> The vendors listed in the CERT advisory on the OpenSSL vulnerabilities are
> all producing server-side software:
>
> http://www.cert.org/advisories/CA-2002-23.html
>
> Does anyone know if Netscape, Opera, Internet Explorer or any of the other
> browsers are vulnerable to these issues?
Netscape and IE both have their own TLS implementations. Netscape uses
NSS and IE uses CAPI/SChannel. Of course, these implementations might
be vulnerable to similar bugs but there's no specific reason to think
they are.
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
http://www.rtfm.com/
