Sean Martell

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.5.14 and 3.6.x prior to 3.6.11 Thunderbird versions prior to 3.0.9 and 3.1.x prior to 3.1.5 SeaMonkey versions prior to 2.0.9 libnss3-1d-dbg (affected versions not specified) libnss3-tools (affected versions not specified) libnss3-1d (affected versions not specified) libnss3-dev (affected versions not specified) **Description** The issue is related to the SSL implementation, which does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode. This makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. The vulnerability can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information. **Recommendations** For Mozilla Firefox versions prior to 3.5.14 and 3.6.x prior to 3.6.11, update to version 3.5.14 or 3.6.11 or later. For Thunderbird versions prior to 3.0.9 and 3.1.x prior to 3.1.5, update to version 3.0.9 or 3.1.5 or later. For SeaMonkey versions prior to 2.0.9, update to version 2.0.9 or later. For libnss3-1d-dbg, libnss3-tools, libnss3-1d, and libnss3-dev, at the moment, there is no information about a newer version that contains a fix for this vulnerability.