Avatar for Username

Cerca nel supporto

Attenzione alle mail truffa. Mozilla non chiederà mai di chiamare o mandare messaggi a un numero di telefono o di inviare dati personali. Segnalare qualsiasi attività sospetta utilizzando l'opzione “Segnala abuso”.

Learn More

Questa discussione è archiviata. Inserire una nuova richiesta se occorre aiuto.

cannot log in to website (Error Message); transaction.cityofmerced.org.potentially vulnerable CVE-2009-3555

  • 2 risposte
  • 0 hanno questo problema
  • 8 visualizzazioni
  • Ultima risposta di cor-el

AnonymousUser
AnonymousUser
more options

NEW Login Problem when attempting to pay Utility bill as I've normally done

The WEB site page then displays message: We apologize, the system is temporarily down.

Please report the following to the System Administrator: java.lang.Exception: This website does not currently support your web browser. You can view this site in Internet Explorer or FireFox

My FireFox error console on browser displays = "transactions.cityofmerced.org:potentially.vulnerable.CVE-2009-3555"

Jave search yields the following

Cyber Risk Report March 29–April 4, 2010 

Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability

IntelliShield Vulnerability Alert 19361, Version 43, April 1, 2010 Urgency/Credibility/Severity Rating: 2/5/3 CVE-2009-3555

Multiple TLS implementations contain a vulnerability when renegotiating a Transport Layer Security (TLS) session that could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack. Proof-of-concept code that exploits this vulnerability is publicly available. Mozilla and Oracle, in addition to other vendors, have released updates for this vulnerability. http://www.cisco.com/web/about/security/intelligence/CRR_mar29-apr4.html

Will FireFox browser updates address this security problem???

URL of affected sites

http://transactions.cityofmerced.org/Click2GovCX/Index.jsp

User Agent

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefo796804586903 887809903

NEW Login Problem when attempting to pay Utility bill as I've normally done -------------------------------------- The WEB site page then displays message: We apologize, the system is temporarily down. Please report the following to the System Administrator: java.lang.Exception: This website does not currently support your web browser. You can view this site in Internet Explorer or FireFox --------------------- My FireFox error console on browser displays = "transactions.cityofmerced.org:potentially.vulnerable.CVE-2009-3555" --------------------- Jave search yields the following --------------------- Cyber Risk Report March 29–April 4, 2010 Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability IntelliShield Vulnerability Alert 19361, Version 43, April 1, 2010 Urgency/Credibility/Severity Rating: 2/5/3 CVE-2009-3555 Multiple TLS implementations contain a vulnerability when renegotiating a Transport Layer Security (TLS) session that could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack. Proof-of-concept code that exploits this vulnerability is publicly available. Mozilla and Oracle, in addition to other vendors, have released updates for this vulnerability. http://www.cisco.com/web/about/security/intelligence/CRR_mar29-apr4.html --------------------------------------------------- Will FireFox browser updates address this security problem??? == URL of affected sites == http://transactions.cityofmerced.org/Click2GovCX/Index.jsp == User Agent == Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefo796804586903 887809903

Tutte le risposte (2)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

That message is meant for webmasters to make them aware that they need to fix their servers. Firefox 3.6 versions can detect such a misconfiguration and displays a warning in the "Tools > Error Console".

See https://wiki.mozilla.org/Security:Renegotiation

AnonymousUser
AnonymousUser Utente che ha posto la domanda
more options

Thanks cor-el, I sent your answer on to the Webmaster.

I.E. still allows the negotiation of the (TLS) session and I mistook it to mean Firefox had fallen behind and was being refused access by the site.

You're saying because the Browser can detect such a misconfiguration that it won't accept the security risk of a misconfiguration at the site?

I appreciate your reply and explanation!! Bill Rogers