Mozilla Foundation Security Advisory 2010-72

Insecure Diffie-Hellman key exchange

Announced

October 19, 2010

Reporter

Nelson Bolyard

Impact

Low

Products

Firefox, SeaMonkey, Thunderbird

Fixed in

Firefox 3.5.14
Firefox 3.6.11
SeaMonkey 2.0.9
Thunderbird 3.0.9
Thunderbird 3.1.5

Description

Mozilla cryptographer Nelson Bolyard reported that the SSL implementation was permitting servers to use Diffie-Hellman Ephemeral mode (DHE) with too short of a minimum key length. DHE keys of such lengths are trivially breakable on modern hardware so SSL servers operating in this mode were providing very little effective security for their clients.

References

Weak DHE key bugs
CVE-2010-3173

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2010-72

Insecure Diffie-Hellman key exchange

Description

References