Affecting Certain secure sites are broken due to outdated version of NSS

Published: | Categories: Privacy & Security

Description

Mozilla developers have discovered several secure servers not working on Firefox 51 (and Google Chrome Canary), showing the “Secure Connection Failed” error page. A list of the broken sites can be found in the tracking bug, but there is probably more.

Those servers are apparently using an outdated version of the Network Security Services (NSS) library which contains a bug in the signature_algorithms parsing, throws PR_END_OF_FILE_ERROR on the latest browsers coming with NSS 3.28 or later, and therefore has to be upgraded to a newer version.

References