[Pkg-mozext-maintainers] Bug#724960: Incorrect quorum length with low number of notaries and/or low quorum percentage

David Prévot taffit at debian.org
Mon Sep 30 01:19:02 UTC 2013


Package: perspectives-extension
Severity: grave
Tags: upstream
Control: fixed -1 4.3.6-1
Control: forwarded -1 https://github.com/danwent/Perspectives/issues/87

The current flaw (triggered by a non-default setup by the user) can make
the browser basically trust any certificate. The risk to the user is, in
the worst conditions, to believe they are exchanging data with a trusted
organization, while in fact the certificate had been e.g. deactivated
(and thus facilitate MITM-attacks).

It does require a very unusual configuration, but with such a
configuration it completely undermines the security model Perspectives
attempts to provide.

More information is available on the upstream website:

http://perspectives-project.org/2013/09/19/security-alert-incorrect-quorum-with-low-number-of-notaries-andor-low-quorum-percentage/

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.10-3-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash