When will Logjam be patched in both browsers?

Discuss building things with or for the Mozilla Platform.
Post Reply
groze5858
Posts: 148
Joined: June 11th, 2014, 3:26 pm

When will Logjam be patched in both browsers?

Post by groze5858 »

When will Logjam vulnerability be patched in both browsers SeaMonkey & Firefox? Thank you for this information.

https://weakdh.org/









Not sure if this is the correct place to post if not please move to correct thread. Thank You.
User avatar
patrickjdempsey
Posts: 23686
Joined: October 23rd, 2008, 11:43 am
Location: Asheville NC
Contact:

Re: When will Logjam be patched in both browsers?

Post by patrickjdempsey »

As soon as you disable the DHE cypher suites yourself. SeaMonkey releases are on hold for now because Mozilla forced changes that require a new build environment on Windows but hasn't bothered to help SM folks set up a new build machine yet.

See:
viewtopic.php?f=38&t=2935955
And:
viewtopic.php?f=3&t=2934629
Tip of the day: If it has "toolbar" in the name, it's crap.
What my avatar is about: https://addons.mozilla.org/en-US/seamonkey/addon/sea-fox/
groze5858
Posts: 148
Joined: June 11th, 2014, 3:26 pm

Re: When will Logjam be patched in both browsers?

Post by groze5858 »

patrickjdempsey wrote:As soon as you disable the DHE cypher suites yourself. SeaMonkey releases are on hold for now because Mozilla forced changes that require a new build environment on Windows but hasn't bothered to help SM folks set up a new build machine yet.

See:
viewtopic.php?f=38&t=2935955
And:
viewtopic.php?f=3&t=2934629


If I am reading those sites above correctly, Firefox won't do it till Firefox 39 is released. I guess so they can pass it down to other operating systems.

The reason I asked is this site https://weakdh.org/ said

If you use a browser…

Make sure you have the most recent version of your browser installed, and check for updates frequently. Google Chrome (including Android Browser), Mozilla Firefox, Microsoft Internet Explorer, and Apple Safari are all deploying fixes for the Logjam attack.


I haven't seen any fixes for chrome either. Do you know if any Mozilla third party browser is doing the patch sooner? I hate to use I.E. for banking.
User avatar
patrickjdempsey
Posts: 23686
Joined: October 23rd, 2008, 11:43 am
Location: Asheville NC
Contact:

Re: When will Logjam be patched in both browsers?

Post by patrickjdempsey »

It takes two seconds to disable the ciphers in about:config:

Filter for .dhe and double-click to set them to false.
Tip of the day: If it has "toolbar" in the name, it's crap.
What my avatar is about: https://addons.mozilla.org/en-US/seamonkey/addon/sea-fox/
User avatar
LuvKomputrs
Posts: 659
Joined: June 9th, 2010, 8:15 am

Re: When will Logjam be patched in both browsers?

Post by LuvKomputrs »

Good to know. :)
Just changed mine.
security.ssl3.dhe_rsa_aes_128_sha is now false
security.ssl3.dhe_dss_aes_256_sha is now false
Just got this message:
Good News! Your browser is safe against the Logjam attack. :D
Post Reply