cve-2008-3532-00

Summary: NSS TLS/SSL Certificates not validated
Date: 2008-07-25
CVE Number: CVE-2008-3532
Discovered By: Josh Triplett
Fixed In Release: 2.5.0

Description

The NSS SSL implementation in libpurple does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.

Mitigation

SSL/TLS certificates are now verified in the NSS implementation in libpurple.
