Heartbleed attack on Openssl

Felipe Vieira fmv1992 at gmail.com
Thu Apr 10 01:53:28 CEST 2014


Thanks everyone for the quick and complete feedback. New questions arose:

1) Firefox uses NSS instead of OpenSSL. Still it can communicate with a
OpenSSL based server (say X) and thus the browser's type is irrelevant. The
communication between browser and X could be eavesdropped. Is that correct?

2) If the first answer is yes, only the X service credentials/data could be
stolen or does that compromis the whole browser session (e.g.:
communication browser - service Y and browser - service Z)?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140409/38101d44/attachment.html>


More information about the Gnupg-users mailing list