http://forums.mozillazine.org/viewtopic ... &t=2935955
https://weakdh.org/
Logjam HTTPS exploit
Re: Logjam HTTPS exploit
jscher2000 suggested (in the mozillaZine thread) to disable the ciphers that are vulnerable to this attack as follows:
about:config > set security.ssl3.dhe_rsa_aes_128_sha and security.ssl3.dhe_rsa_aes_256_sha to false
EDIT Then restart the browser. /EDIT
I can confirm that this works against the above linked test in SeaMonkey '2.35pre' (Gecko 38.0.1) and SeaMonkey 2.26.1 (Gecko 29).
about:config > set security.ssl3.dhe_rsa_aes_128_sha and security.ssl3.dhe_rsa_aes_256_sha to false
EDIT Then restart the browser. /EDIT
I can confirm that this works against the above linked test in SeaMonkey '2.35pre' (Gecko 38.0.1) and SeaMonkey 2.26.1 (Gecko 29).
*Always* check the changelogs BEFORE updating that important software!
-
Re: Logjam HTTPS exploit
http://forums.mozillazine.org/viewtopic ... #p14167409
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:36.0) Gecko/20100101 SeaMonkey/2.33.1