|
Upgrade to the following versions of the affected products as these versions have been reported to fix this vulnerability:
Mozilla Network Security Services (NSS): version 3.11.5 or higher
Mozilla Firefox: version 2.0.2 or higher
Mozilla Thunderbird: version 1.5.0.10 or higher
Mozilla SeaMonkey: version 1.0.8 or higher
It is also possible to correct the flaw by implementing the following workaround(s): Disable the SSLv2 protocol in any product that has not already done so.
In Mozilla Firefox 1.5:
1) Click on the Advanced icon in the Options/Preferences dialog.
2) On the Security tab uncheck the box next to "Use SSL 2.0"
3) Click the "OK" button.
In Mozilla Thunderbird 1.5:
1) Click on the Advanced icon in the Options/Preferences dialog.
2) Click the "Config Editor..." button.
3) Type ssl2 in the Filter field
4) Double-click security.enable_ssl2 to change the value to false and close the window.
Mozilla Network Security Services (NSS):
Disable the SSLv2 protocol.
|