The current Firefox version is vulnerable to Logjam and can be tricked into using weak encryption. You can check this at https://weakdh.org/ using Firefox 31.7.0.

Reproducible: Always
According to https://github.com/martinthomson/disable-dhe there will be a fix in Firefox 39 but an extension is already available on https://addons.mozilla.org//firefox/addon/disable-dhe/
bug is probably in nss.
(In reply to Alex Xu (Hello71) from comment #2)
> bug is probably in nss.

Well, nss-3.19 is supposed to be what's in firefox-39 according to what I found in bugzilla, but it doesn't resolve this. If stabilizing a newer version of NSS isn't a reasonable solution, mozilla team can look into forcing off security.ssl3.dhe_rsa_aes_{128,256}_sha options in gentoo's prefs.js. I would do this immediately but I don't know what other side-effects it might have, so mozilla team will need to discuss first. Note that firefox-bin seems to suffer from this too, btw.
I've committed nss-3.19-r1 to the tree, that contains a backport of the commit from nss-3.19.1 which increases rsa and DH minimum key size to 1024. That'll take care of ~arch and source builds for now, at least. firefox-bin (and thunderbird-bin/seamonkey-bin I assume but haven't checked) will need a prefs.js setting to disable the dhe options until they bundle nss-3.19.1; I'm looking into that.
There is no glsa for this CVE

www-client/firefox-31.7.0::gentoo

security.ssl3.dhe_rsa_aes_128_sha false
security.ssl3.dhe_rsa_aes_256_sha false

hammerhead georg # glsa-check -l
[A] means this GLSA was marked as applied (injected),
[U] means the system is not affected and
[N] indicates that the system might be affected.

hammerhead georg #

https://www.ssllabs.com/ssltest/viewMyClient.html
tells me I am affected due to the disabled ciphers.
(In reply to georg from comment #5)
> There is no glsa for this CVE
>
> www-client/firefox-31.7.0::gentoo
>
> security.ssl3.dhe_rsa_aes_128_sha false
> security.ssl3.dhe_rsa_aes_256_sha false
>
> hammerhead georg # glsa-check -l
> [A] means this GLSA was marked as applied (injected),
> [U] means the system is not affected and
> [N] indicates that the system might be affected.
>
> hammerhead georg #
>
> https://www.ssllabs.com/ssltest/viewMyClient.html
> tells me I am affected due to the disabled ciphers.

Well that's because there's no CVE :) Although this is a security bug, the solution hasn't been fully implemented (and actually it hasn't even been fully decided on) yet. Mozilla's fix is two versions away, ~arch is covered right now by dev-libs/nss-3.19-r1 but it will take a bit of time to determine if that is ok to stabilize, and the *-bin packages still need their own fix. GLSAs are not posted until there is a fully implemented fix.
To my knowledge there it is
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000

See also #550180 for filezilla
(In reply to georg from comment #7)
> To my knowledge there it is
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
>
> See also #550180 for filezilla

works for me! Updating status line. security@, please fix whiteboard/keywords please?
nss-3.19.1 released and committed to the tree (I dropped 3.19-r1 since the upstream release is better). I've also revbumped firefox-bin and seamonkey-bin with prefs-based fixes to disable the vulnerable cyphersuites. Thunderbird-bin is in progress, unfortunately it has a -lot- more cypher suites and figuring out which ones are vulnerable is proving a bit difficult for me.
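An added example, not part of the original thread or of any Gentoo package: a check that reads a Firefox-style preference file and lists the DHE cipher-suite prefs named above that are still enabled. Treating an unset pref as enabled, matching on the `security.ssl3.dhe_` prefix, and the sample files are assumptions made for this example.

```python
import re

# The two preferences named in the thread. Assumption: a pref that is absent
# from the file keeps the application default, treated here as "enabled".
REQUIRED_OFF = (
    "security.ssl3.dhe_rsa_aes_128_sha",
    "security.ssl3.dhe_rsa_aes_256_sha",
)

# Matches pref("name", true|false); and its user_pref/lockPref/defaultPref
# forms at the start of a line, so lines commented out with // are skipped.
PREF_RE = re.compile(
    r'^\s*(?:user_pref|pref|lockPref|defaultPref)\(\s*"([^"]+)"\s*,'
    r'\s*(true|false)\s*\)\s*;',
    re.MULTILINE,
)


def parse_bool_prefs(text):
    """Return {pref name: bool}; a later line overrides an earlier one."""
    return {name: value == "true" for name, value in PREF_RE.findall(text)}


def enabled_dhe_prefs(text):
    """Return the sorted DHE cipher-suite prefs that are still enabled."""
    prefs = parse_bool_prefs(text)
    # Assumption: any other security.ssl3.dhe_* pref in the file counts too.
    names = set(REQUIRED_OFF) | {n for n in prefs if n.startswith("security.ssl3.dhe_")}
    return sorted(n for n in names if prefs.get(n, True))


# Constructed sample files (not from any package); dhe_example_suite is a
# made-up pref name used only to exercise the prefix match.
SAMPLE_PARTIAL = """\
// pref("security.ssl3.dhe_rsa_aes_128_sha", false);
pref("security.ssl3.dhe_rsa_aes_256_sha", false);
pref("security.ssl3.dhe_example_suite", true);
pref("browser.startup.homepage", "about:blank");
"""
SAMPLE_FIXED = """\
pref("security.ssl3.dhe_rsa_aes_128_sha", true);
pref("security.ssl3.dhe_rsa_aes_128_sha", false);
pref("security.ssl3.dhe_rsa_aes_256_sha", false);
"""

if __name__ == "__main__":
    for label, text in (("partial", SAMPLE_PARTIAL), ("fixed", SAMPLE_FIXED)):
        print(label, enabled_dhe_prefs(text) or "all DHE suites disabled")
```

Block comments (`/* ... */`) are not handled; a pref inside one would be read as active.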
Firefox / Thunderbird fixes have just been entered into Bug #554036. I am removing the firefox / thunderbird from this bug and setting dependency on that bug for it. Also adding another CVE that was fixed in 3.19.1 of NSS. CVE-2015-{2721,4000}
nss-3.19.2 recently released (and added to the tree), and as it seems this is a requirement of the new stable candidate, arches please stabilize =dev-libs/nss-3.19.2
Stable for HPPA.
amd64 stable
Stable for PPC64.
Stable on alpha (took dev-libs/nspr-4.10.8 along as a dep).
x86 stable
ppc stable
sparc stable
arm stable, all arches done.
Arches, Thank you for your work. Added to an existing GLSA Request. Maintainer(s), please drop the vulnerable version(s).
Maintainer(s), Thank you for cleanup.
This issue was resolved and addressed in GLSA 201701-46 at https://security.gentoo.org/glsa/201701-46 by GLSA coordinator Thomas Deutschmann (whissi).