Mozilla to Disable SSL 3.0
Mozilla said it is going to disable steady Sockets Layer (SSL) encryption in the newest model of its Firefox net browser with a view to be launched on Nov. 25 after a safety malicious program known as “Poodle” used to be discovered in an online encryption expertise.
“by using exploiting this vulnerability, an attacker can gain get right of entry to issues like passwords and cookies, enabling him to access a person’s personal account information on a web site, “Mozilla stated in its blog.
SSL 3.0 will likely be disabled by using default in Firefox 34, Mozilla said. The code to disable the protection protocol can be available rapidly by the use of Mozilla Nightly, an in-construction version of Mozilla’s browser.
Poodle Bug: Mozilla to Disable SSL 3.0 by Default in Firefox 34
Mozilla also said that Firefox 35 will support a prevalent Transport Layer security (TLS) downgrade protection mechanism called SCSV (Signaling Cipher Suite worth), as a precautionary measure.
Servers helping SCSV can forestall assaults that depend on insecure fallback.
The Poodle computer virus, which stands for Padding Oracle On Downloaded Legacy Encryption, was just lately uncovered by using Google researchers. It might allow hackers to steal data from inside an encrypted transaction.