Pidgin Security Advisory
| Title | NSS TLS/SSL Certificates not validated |
|---|
| Date | 2008-07-25 |
|---|
| CVE Name | CVE-2008-3532 |
|---|
| Discovered By | Josh Triplett |
|---|
| Summary | No validation on SSL certificates was performed for NSS SSL |
|---|
| Description | The NSS SSL implementation in libpurple does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. |
|---|
| Fixed in Version | 2.5.0 |
|---|
| Fix | SSL/TLS Certificates are now verified in the NSS implementation in libpurple. |
|---|
Return to Security Advisory Index
