CVE-2011-5094

Name of the Vulnerable Software and Affected Versions Mozilla Network Security Services (NSS) versions 3.x

Description The issue is related to the SSL ENABLE RENEGOTIATION option in certain settings, which does not properly restrict client-initiated renegotiation within the SSL and TLS protocols. This could allow remote attackers to cause a denial of service by performing many renegotiations within a single connection, leading to CPU consumption.

Recommendations For Mozilla Network Security Services (NSS) versions 3.x, consider disabling the SSL ENABLE RENEGOTIATION option or limiting renegotiation when it is inappropriate within a specific environment to minimize the risk of exploitation.