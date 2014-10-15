Oct 14 Mozilla said it will disable Secure
Sockets Layer (SSL) encryption in the latest version of its
Firefox web browser that will be released on Nov. 25 after a
security bug called "Poodle" was discovered in a web encryption
technology.
"By exploiting this vulnerability, an attacker can gain
access to things like passwords and cookies, enabling him to
access a user's private account data on a website," Mozilla said
in its blog. (mzl.la/1DaxOwY)
SSL 3.0 will be disabled by default in Firefox 34, Mozilla
said. The code to disable the security protocol will be
available shortly via Mozilla Nightly, an in-development version
of Mozilla's browser.
Mozilla also said that Firefox 35 will support a generic
Transport Layer Security (TLS) downgrade protection mechanism
called SCSV (Signaling Cipher Suite Value), as a precautionary
measure.
Servers supporting SCSV can prevent attacks that rely on
insecure fallback.
The Poodle bug, which stands for Padding Oracle On
Downloaded Legacy Encryption, was recently uncovered by Google
Inc researchers. It could allow hackers to steal data
from within an encrypted transaction.
(Reporting by Tanvi Mehta in Bangalore; Editing by Lisa
Shumaker)