Page 1 of 1
Error Console question
Posted: Wed Mar 24, 2010 10:53 pm
by jeno
Using latest version of Noscript...
What is the signifigance of this in Error Console?
addons.mozilla.org : potentially vulnerable to CVE-2009-3555
[NoScript HTTPS] AUTOMATIC SECURE on
https://addons.mozilla.org: X-Mapping-kgbglcod=5DCE4DD3FC98BAC9D6709B5FB9B0CF35; domain=addons.mozilla.org; path=/; Secure
aus2.mozilla.org : potentially vulnerable to CVE-2009-3555
services.addons.mozilla.org : potentially vulnerable to CVE-2009-3555
versioncheck.addons.mozilla.org : potentially vulnerable to CVE-2009-3555
versioncheck.addons.mozilla.org : potentially vulnerable to CVE-2009-3555
sb-ssl.google.com : potentially vulnerable to CVE-2009-3555
[NoScript HTTPS] AUTOMATIC SECURE on
https://sb-ssl.google.com: PREF=ID=1f9ed71077578558:TM=1269464180:LM=1269464180:S=oSiKyasD5S9XocmF; domain=.google.com; path=/; Secure
jeno
Re: Error Console question
Posted: Wed Mar 24, 2010 11:07 pm
by Giorgio Maone
jeno wrote:addons.mozilla.org : potentially vulnerable to CVE-2009-3555
This means that you've got some other add-on (not NoScript) which is scanning any web server you connect to for possible vulnerabilities (CVE-2009-3555 was the TLS negotiation injection bug).
jeno wrote:
[NoScript HTTPS] AUTOMATIC SECURE on
https://addons.mozilla.org: X-Mapping-kgbglcod=5DCE4DD3FC98BAC9D6709B5FB9B0CF35; domain=addons.mozilla.org; path=/; Secure
This means that you enabled automatic secure cookie management and NoScript promoted the X-Mapping-kgbglcod cookie to HTTPS-Only.
Re: Error Console question
Posted: Wed Mar 24, 2010 11:18 pm
by jeno
Only Add-ons are Noscript and Element Properties 6...
IIRC, I got the first message right before I downloaded Element Properties 6???
jeno
Re: Error Console question
Posted: Wed Mar 24, 2010 11:28 pm
by Giorgio Maone
jeno wrote:Only Add-ons are Noscript and Element Properties 6...
Are you double-sure? it would be very weird...
Re: Error Console question
Posted: Wed Mar 24, 2010 11:33 pm
by jeno
Yes... positive!
jeno
Re: Error Console question
Posted: Wed Mar 24, 2010 11:40 pm
by Giorgio Maone
Re: Error Console question
Posted: Thu Mar 25, 2010 12:29 am
by jeno
Thank you so much, Giorgio! Looks like some servers need fixed, huh?
So I've no problems here then?
jeno
Re: Error Console question
Posted: Thu Mar 25, 2010 1:16 am
by therube
Just a while ago I had been reading
Security:Renegotiation & trying to figure out why security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref was set to 'True'. Apparently it is True on the Branch & False (as the wiki says it should be) on the Trunk. Giorgio's link my provide the reason for that?
(Enable security.ssl.treat_unsafe_negotiation_as_broken & watch all the broken padlock icons
.)
Re: Error Console question
Posted: Thu Mar 25, 2010 5:20 am
by justsomebloke
therube proposed:
Enable security.ssl.treat_unsafe_negotiation_as_broken & watch all the broken padlock icons
.)
Yep, that red icon is the throbber here
What would a person really need secure connections for?
money, the internets, secure mail, to list the obvious.
So far, not the bank, the isp, the mighty gmail, that I've messaged about compliance have lifted a finger to comply.
Check certificates then, they say.
Oh ha ha.
ssl is so broken.
Re: Error Console question
Posted: Thu Mar 25, 2010 8:07 am
by Giorgio Maone
jeno wrote:So I've no problems here then?
Apparently not.
Re: Error Console question
Posted: Fri Apr 02, 2010 8:15 pm
by turnerharry69@yahoo.com
So is this bad it seems to pop up with the add on Microsoft.net framework assistant 1.0