"Security company Internet Security Systems Inc. (ISS) is
warning its customers about a critical security hole in a commonly
used technology from the Mozilla Foundation called the Netscape
Network Security Services (NSS) library that could make Web servers
vulnerable to remote attack.
"Atlanta-based ISS issued a security bulletin today about a flaw
in the NSS library's implementation of the Secure Sockets Layer
Version 2 (SSLv2) protocol that could allow remote attackers to use
an SSLv2 connection to take control of Web servers using the NSS
library.