Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!

Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

cannot log in to website (Error Message); transaction.cityofmerced.org.potentially vulnerable CVE-2009-3555

  • 2 uphendule
  • 0 zinale nkinga
  • 7 views
  • Igcine ukuphendulwa ngu cor-el

AnonymousUser
AnonymousUser
more options

NEW Login Problem when attempting to pay Utility bill as I've normally done

The WEB site page then displays message: We apologize, the system is temporarily down.

Please report the following to the System Administrator: java.lang.Exception: This website does not currently support your web browser. You can view this site in Internet Explorer or FireFox

My FireFox error console on browser displays = "transactions.cityofmerced.org:potentially.vulnerable.CVE-2009-3555"

Jave search yields the following

Cyber Risk Report March 29–April 4, 2010 

Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability

IntelliShield Vulnerability Alert 19361, Version 43, April 1, 2010 Urgency/Credibility/Severity Rating: 2/5/3 CVE-2009-3555

Multiple TLS implementations contain a vulnerability when renegotiating a Transport Layer Security (TLS) session that could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack. Proof-of-concept code that exploits this vulnerability is publicly available. Mozilla and Oracle, in addition to other vendors, have released updates for this vulnerability. http://www.cisco.com/web/about/security/intelligence/CRR_mar29-apr4.html

Will FireFox browser updates address this security problem???

URL of affected sites

http://transactions.cityofmerced.org/Click2GovCX/Index.jsp

User Agent

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefo796804586903 887809903

NEW Login Problem when attempting to pay Utility bill as I've normally done -------------------------------------- The WEB site page then displays message: We apologize, the system is temporarily down. Please report the following to the System Administrator: java.lang.Exception: This website does not currently support your web browser. You can view this site in Internet Explorer or FireFox --------------------- My FireFox error console on browser displays = "transactions.cityofmerced.org:potentially.vulnerable.CVE-2009-3555" --------------------- Jave search yields the following --------------------- Cyber Risk Report March 29–April 4, 2010 Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability IntelliShield Vulnerability Alert 19361, Version 43, April 1, 2010 Urgency/Credibility/Severity Rating: 2/5/3 CVE-2009-3555 Multiple TLS implementations contain a vulnerability when renegotiating a Transport Layer Security (TLS) session that could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack. Proof-of-concept code that exploits this vulnerability is publicly available. Mozilla and Oracle, in addition to other vendors, have released updates for this vulnerability. http://www.cisco.com/web/about/security/intelligence/CRR_mar29-apr4.html --------------------------------------------------- Will FireFox browser updates address this security problem??? == URL of affected sites == http://transactions.cityofmerced.org/Click2GovCX/Index.jsp == User Agent == Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefo796804586903 887809903

All Replies (2)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

That message is meant for webmasters to make them aware that they need to fix their servers. Firefox 3.6 versions can detect such a misconfiguration and displays a warning in the "Tools > Error Console".

See https://wiki.mozilla.org/Security:Renegotiation

AnonymousUser
AnonymousUser Umnikazi wombuzo
more options

Thanks cor-el, I sent your answer on to the Webmaster.

I.E. still allows the negotiation of the (TLS) session and I mistook it to mean Firefox had fallen behind and was being refused access by the site.

You're saying because the Browser can detect such a misconfiguration that it won't accept the security risk of a misconfiguration at the site?

I appreciate your reply and explanation!! Bill Rogers