On 09/29/2011 05:12 PM, Robert Kaiser wrote: > NoOp schrieb: >> Thanks for the clarification. Java goes off until either Mozilla and/or >> Oracle fix _their_ issues. > > To be clear, those issues are completely on Oracle's side, the Mozilla > code doesn't have an issue wrt Java, and the other major plugins are > safe as well as we found out. The Java plugin itself is the thing that > has the security issue, and a published one at that. > > Robert Kaiser > >
I'm not sure I fully understand (or probably ever will)... <https://bugzilla.mozilla.org/show_bug.cgi?id=665814> {(CVE-2011-3389) Rizzo/Duong chosen plaintext attack on SSL/TLS 1.0 (facilitated by websockets -76)] doesn't seem to indicate java, but instead nss as being the issue. So, "to be clear": is it a java or nss issue? _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey