Re: iceweasel x590 vulnerability info

To: Thijs Kinkhorst <thijs@debian.org>
Cc: debian-www@lists.debian.org, team@security.debian.org
Subject: Re: iceweasel x590 vulnerability info
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sun, 24 Aug 2008 10:30:53 +0200
Message-id: <[🔎] 87fxouzuf6.fsf@mid.deneb.enyo.de>
In-reply-to: <20080515113720.GA4402@ouaza.com> (Raphael Hertzog's message of "Thu, 15 May 2008 13:37:20 +0200")
References: <200805142336.46170.thijs@debian.org> <20080515113720.GA4402@ouaza.com>

* Raphael Hertzog:

>> "The Iceweasel ("firefox") web browser functionality for generating
>> X509 public/private keypairs (certificates) is not affected by this
>> vulnerability.  Iceweasel uses nss, a different cryptography engine."
>
> Where does Iceweasel offer such a functionnality? I know it can "import"
> certificates but "generating"? At least I haven't seen anything like that
> in the same window where you handle certificates.

It's called SPKAC:

<http://devedge-temp.mozilla.org/library/manuals/1998/htmlguide/tags10.html#1615503>

Reply to:

Prev by Date: Bug#440641: packages.debian.org: switched from gnuab to debports
Next by Date: Re: DSA-1628 and DSA-1630 is not on website
Previous by thread: Processed: packages.debian.org: switched from gnuab to debports
Next by thread: Bug#496507: [www.debian.org] Debian Description Translation Project (DDTP) Translation-lang files not only available for sid
Index(es):
- Date
- Thread