Error Console question

jeno · Post by **jeno** » Wed Mar 24, 2010 10:53 pm

Using latest version of Noscript...
What is the signifigance of this in Error Console?

addons.mozilla.org : potentially vulnerable to CVE-2009-3555
[NoScript HTTPS] AUTOMATIC SECURE on https://addons.mozilla.org: X-Mapping-kgbglcod=5DCE4DD3FC98BAC9D6709B5FB9B0CF35; domain=addons.mozilla.org; path=/; Secure

aus2.mozilla.org : potentially vulnerable to CVE-2009-3555
services.addons.mozilla.org : potentially vulnerable to CVE-2009-3555
versioncheck.addons.mozilla.org : potentially vulnerable to CVE-2009-3555
versioncheck.addons.mozilla.org : potentially vulnerable to CVE-2009-3555
sb-ssl.google.com : potentially vulnerable to CVE-2009-3555
[NoScript HTTPS] AUTOMATIC SECURE on https://sb-ssl.google.com: PREF=ID=1f9ed71077578558:TM=1269464180:LM=1269464180:S=oSiKyasD5S9XocmF; domain=.google.com; path=/; Secure

jeno

Post by **Giorgio Maone** » Wed Mar 24, 2010 11:07 pm

jeno wrote:addons.mozilla.org : potentially vulnerable to CVE-2009-3555

This means that you've got some other add-on (not NoScript) which is scanning any web server you connect to for possible vulnerabilities (CVE-2009-3555 was the TLS negotiation injection bug).

jeno wrote: [NoScript HTTPS] AUTOMATIC SECURE on https://addons.mozilla.org: X-Mapping-kgbglcod=5DCE4DD3FC98BAC9D6709B5FB9B0CF35; domain=addons.mozilla.org; path=/; Secure

This means that you enabled automatic secure cookie management and NoScript promoted the X-Mapping-kgbglcod cookie to HTTPS-Only.

jeno · Post by **jeno** » Wed Mar 24, 2010 11:18 pm

Only Add-ons are Noscript and Element Properties 6...
IIRC, I got the first message right before I downloaded Element Properties 6???

jeno

Post by **Giorgio Maone** » Wed Mar 24, 2010 11:28 pm

jeno wrote:Only Add-ons are Noscript and Element Properties 6...

Are you double-sure? it would be very weird...

jeno · Post by **jeno** » Wed Mar 24, 2010 11:33 pm

Yes... positive!

jeno

Post by **Giorgio Maone** » Wed Mar 24, 2010 11:40 pm

https://bugzilla.mozilla.org/show_bug.cgi?id=535649

jeno · Post by **jeno** » Thu Mar 25, 2010 12:29 am

Thank you so much, Giorgio! Looks like some servers need fixed, huh?

So I've no problems here then?

jeno

Post by **therube** » Thu Mar 25, 2010 1:16 am

Just a while ago I had been reading Security:Renegotiation & trying to figure out why security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref was set to 'True'. Apparently it is True on the Branch & False (as the wiki says it should be) on the Trunk. Giorgio's link my provide the reason for that?

(Enable security.ssl.treat_unsafe_negotiation_as_broken & watch all the broken padlock icons

.)

justsomebloke · Post by **justsomebloke** » Thu Mar 25, 2010 5:20 am

therube proposed:

Enable security.ssl.treat_unsafe_negotiation_as_broken & watch all the broken padlock icons .)

Yep, that red icon is the throbber here

What would a person really need secure connections for?
money, the internets, secure mail, to list the obvious.
So far, not the bank, the isp, the mighty gmail, that I've messaged about compliance have lifted a finger to comply.

Check certificates then, they say.
Oh ha ha.
ssl is so broken.

Post by **Giorgio Maone** » Thu Mar 25, 2010 8:07 am

jeno wrote:So I've no problems here then?

Apparently not.

turnerharry69@yahoo.com · Fri Apr 02, 2010 8:15 pm

So is this bad it seems to pop up with the add on Microsoft.net framework assistant 1.0

InformAction Forums

Error Console question

Error Console question

Re: Error Console question

Re: Error Console question

Re: Error Console question

Re: Error Console question

Re: Error Console question

Re: Error Console question

Re: Error Console question

Re: Error Console question

Re: Error Console question

Re: Error Console question