server does not support RFC 5746, see CVE-2009-3555

Bug #880226 reported by EricDHH
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
firefox (Ubuntu) | Invalid | Undecided | Unassigned |

Bug Description

Affected Ubuntu 11.04 on two computers and 11.10 amd64 too, since latest browser update.
firefox 7.0.1+build1+n

Several pages are inaccessible in SSL sessions because of this bug; it is visible in the error console while the browser is hourglassing forever. It is NOT okay to force thousands of server admins to repair something that is based on client ignorance like this new ff version.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: firefox 7.0.1+build1+nobinonly-0ubuntu0.11.04.1
ProcVersionSignature: Ubuntu 2.6.38-11.50-genusername 2.6.38.8
Uname: Linux 2.6.38-11-generic i686
AddonCompatCheckDisabled: False
Architecture: i386
BuildID: 20110928224103
Channel: release
Date: Sun Oct 23 09:51:46 2011
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha i386 (20110318)
Profiles: Profile0 (Default) - LastVersion=7.0.1/20110928224103 (Running)
RunningIncompatibleAddons: False
SourcePackage: firefox
UpgradeStatus: Upgraded to natty on 2011-03-25 (212 days ago)

EricDHH (ericdhh) wrote :
Micah Gersten (micahg) wrote :

Thank you for reporting this to Ubuntu. Starting with Firefox 4, these sites have been disabled by default. This has been a known security issue for quite a while. This issue is the same as bug 798672 where an upstream bug is linked. The upstream bug does contain more information as well as links about where this was fixed. There is some documentation here as well: https://wiki.mozilla.org/Security:Renegotiation
Please contact the site owner in question about this issue. Please report any other issues you may find.

Changed in firefox (Ubuntu):
status: New → Invalid