Rob Stradling <rob.stradl...@comodo.com> writes: >But if it's an old version of NSS or OpenSSL, then the community could help >find an exploitable bug.
If it's a remote-code-exec we could patch their firmware for them to support SHA-256. Think of it as an undocumented remote admin capability. (Something like this has been done in the past to fix a commercial vendor's gear). Peter. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy