6 comments

[ 5.1 ms ] story [ 22.3 ms ] thread
For those of you playing the home version, this is in Set 6 of our crypto challenges:

http://cryptopals.com/sets/6/challenges/42/

Ironically, Firefox is the only browser that had this flaw when Bleichenbacher originally described it almost 10 years ago.

I'm particularly fond of this bug; it's what started me off down the path of learning about serious crypto attacks.

Right now, the most popular phone for Firefox OS is the Intex Cloud FX (the $33 phone), which was released last month and runs 1.3[1]. However, Mozilla has said that they are only applying updates to 2.x[2].

This means that their flagship phone that was released only a month ago has a critical security vulnerability and there are no plans to fix it. Great work, Mozilla!

[1] - http://www.intexmobile.in/product_detail.aspx?PID=191&PCatID...

[2] - https://www.reddit.com/r/FireFoxOS/comments/2hf13o/security_...

This is far from the truth.
If you know they have plans to fix it, it would be helpful if you would say so.
Please, elaborate. I was under the impression that the Intex 1.3 branch was entirely separate from the main trunk and it would take some time to merge it back in.