[26523] in bugtraq
RE: OpenSSL Vulnerabilities
daemon@ATHENA.MIT.EDU (Josh Welch)
Fri Aug 2 17:08:55 2002
From: "Josh Welch" <jwelch@buffalowildwings.com>
To: "Tina Bird" <tbird@precision-guesswork.com>
Cc: <bugtraq@securityfocus.com>
Date: Fri, 2 Aug 2002 08:45:50 -0500
Message-ID: <EDEJILJHDPHDOLLNODNKCEHLCBAA.jwelch@buffalowildwings.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <20020731212743.I31724-100000@sisyphus.iocaine.com>
> The vendors listed in the CERT advisory on the OpenSSL vulnerabilities are
> all producing server-side software:
>
> http://www.cert.org/advisories/CA-2002-23.html
>
> Does anyone know if Netscape, Opera, Internet Explorer or any of the other
> browsers are vulnerable to these issues?
>
> Thanks in advance -- Tina Bird
>
> "Wine is strong, the King is stronger, women are strongest, but TRUTH
> conquers all."
> ----- Inscription in the Rosslyn Chapel (near Edinburgh, Scotland)
>
> http://www.shmoo.com/~tbird
> Log Analysis http://www.counterpane.com/log-analysis.html
> VPN http://vpn.shmoo.com
>
This just came up on firewall-wizards as a matter of fact, at least the
netscape and internet explorer portion. Those two browsers don't use
OpenSSL, so they shouldn't be affected. I believe links and lynx were
mentioned as using OpenSSL, so those would be affected. Don't know what
Opera uses.
Josh
