Computerworld: ISS: Critical Netscape Flaw Could be Widespread

"Security company Internet Security Systems Inc. (ISS) is warning its customers about a critical security hole in a commonly used technology from the Mozilla Foundation called the Netscape Network Security Services (NSS) library that could make Web servers vulnerable to remote attack.

"Atlanta-based ISS issued a security bulletin today about a flaw in the NSS library's implementation of the Secure Sockets Layer Version 2 (SSLv2) protocol that could allow remote attackers to use an SSLv2 connection to take control of Web servers using the NSS library.

Complete Story

Related Stories:

• Red Hat Linux Advisories: kernel, mozilla(Jul 21, 2003)
• Red Hat Linux Advisory: mozilla(Jul 15, 2003)
• CNET News: Mozilla Bug Leaks Web Surfing Data(Sep 16, 2002)
• MozillaNews.org: Mozilla.org Clarifies Security Policy (May 07, 2002)