Updated 07:27 AM EST, Sat, Nov 23, 2024

Mozilla to disable encryption feature in next Firefox browser due to 'Poodle' bug

  • +
  • -
  • Sign up to receive the lastest news from LATINONE

(Reuters) - Mozilla said it will disable Secure Sockets Layer (SSL) encryption in the latest version of its Firefox web browser that will be released on Nov. 25 after a security bug called "Poodle" was discovered in a web encryption technology.

"By exploiting this vulnerability, an attacker can gain access to things like passwords and cookies, enabling him to access a user's private account data on a website," Mozilla said in its blog. (https://mzl.la/1DaxOwY)

SSL 3.0 will be disabled by default in Firefox 34, Mozilla said. The code to disable the security protocol will be available shortly via Mozilla Nightly, an in-development version of Mozilla's browser.

Mozilla also said that Firefox 35 will support a generic Transport Layer Security (TLS) downgrade protection mechanism called SCSV (Signaling Cipher Suite Value), as a precautionary measure.

Servers supporting SCSV can prevent attacks that rely on insecure fallback.

The Poodle bug, which stands for Padding Oracle On Downloaded Legacy Encryption, was recently uncovered by Google Inc researchers. It could allow hackers to steal data from within an encrypted transaction.

(Reporting by Tanvi Mehta in Bangalore; Editing by Lisa Shumaker)

© 2015 Thomson Reuters. All rights reserved.
  • Sign up to receive the lastest news from LATINONE
Close

Curiosidades

Real Time Analytics