
Support Forum

Does anyone know how soon before Firefox is no longer subject to Logjam?


Just a quickie for the development team. Have several individuals asking me how long before the Logjam vulnerability in Firefox is fixed? Thanks


Additional System Details

Installed Plug-ins

  • Adobe PDF Plug-In For Firefox and Netscape 11.0.11
  • Citrix Online App Detector Plugin
  • Google Update
  • Intel web components for Intel® Identity Protection Technology
  • Intel web components updater - Installs and updates the Intel web components
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 11.31.2 for Mozilla browsers
  • Photodex Presenter Plugin 6,00,0,3410
  • Picasa plugin
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • Shockwave Flash 17.0 r0
  • 5.1.40416.0
  • NPWLPG

Application

  • Firefox 38.0.1
  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
  • Support URL: https://support.mozilla.org/1/firefox/38.0.1/WINNT/en-US/

Extensions

  • ColorfulTabs 27.3 ({0545b830-f0aa-4d7e-8820-50a4629a56fe})
  • Flash and Video Download 1.71 ({bee6eb20-01e0-ebd1-da83-080329fb9a3a})
  • Skype Click to Call 7.3.16540.9015 ({82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}) (Inactive)

Tyler Downer
  • Top 25 Contributor
  • Moderator
1531 solutions 10678 answers

Helpful Reply

It will be fixed in either Firefox 38.0.5 (which comes out in two weeks) or 39 (two weeks after that) depending on how quickly Security teams can review the fix.

jscher2000
  • Top 10 Contributor
8704 solutions 71130 answers

Helpful Reply

Temporary workaround is to disable the insecure ciphers as follows:

(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(2) In the search box above the list, type or paste ssl3 and pause while the list is filtered.

(3) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false (this usually would be the first item on the list)

(4) Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false (this usually would be the second item on the list)

That's it, you can test on this page: https://www.ssllabs.com/ssltest/viewMyClient.html

Agent_Vanilla 1 solutions 11 answers

Hi, my Firefox version is 35.0.5 but if I check this browser version against https://weakdh.org/, this version is still coming up as vulnerable. Please advise if there is a continued issue with 35.0.5, or if there shouldn't be, what diagnostic information is required to figure out what's going on.

Tyler Downer
  • Top 25 Contributor
  • Moderator
1531 solutions 10678 answers

The fix for logjam will be in Firefox 39, coming out in two weeks.

If you'd like to patch Firefox in the meantime, you can install https://addons.mozilla.org/en-US/firefox/addon/disable-dhe (note this add-on won't be necessary after Firefox 39 comes out)

cor-el
  • Top 10 Contributor
  • Moderator
17482 solutions 158010 answers

Note that all this extension does is disable the two involved cipher suites by setting the above-mentioned prefs to false.

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha

You can easily do this in any Firefox version on the about:config page.


  • Bug 1138554 - NSS accepts export-length DHE keys with regular DHE cipher suites
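
To confirm the workaround described in this thread on a profile without opening about:config, the two prefs can be read from the profile's preference files. The script below is an added example, not part of any post in this thread. It assumes changed prefs are stored as `user_pref("name", value);` lines in `prefs.js`, with `user.js` applied on top at startup; the function names and the sample file content are constructed for illustration.

```python
import re

# The two prefs named in this thread; both are true unless changed.
DHE_PREFS = (
    "security.ssl3.dhe_rsa_aes_128_sha",
    "security.ssl3.dhe_rsa_aes_256_sha",
)

# Matches one line of prefs.js / user.js: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: raw value} for every user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def audit_dhe(prefs_js, user_js=""):
    """Report each DHE pref as 'disabled' or 'enabled'.

    user.js is applied after prefs.js at startup, so its values override.
    A pref missing from both files is at its default (true), i.e. enabled.
    """
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    return {
        name: "disabled" if merged.get(name) == "false" else "enabled"
        for name in DHE_PREFS
    }


# Constructed sample: only the 128-bit suite was toggled in about:config.
SAMPLE_PREFS_JS = '''\
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
'''

if __name__ == "__main__":
    for name, state in audit_dhe(SAMPLE_PREFS_JS).items():
        print(f"{state:8}  {name}")
```

A result of `enabled` for either pref means that DHE suite is still offered by the profile, so the workaround is incomplete.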
Agent_Vanilla 1 solutions 11 answers

Thanks, I did the about:config settings change. Appreciate it.
