Pidgin Security Advisory

TitleNSS TLS/SSL Certificates not validated
Date2008-07-25
CVE NameCVE-2008-3532
Discovered ByJosh Triplett
SummaryNo validation on SSL certificates was performed for NSS SSL
DescriptionThe NSS SSL implementation in libpurple does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
Fixed in Version2.5.0
FixSSL/TLS Certificates are now verified in the NSS implementation in libpurple.

Return to Security Advisory Index