Canonical published details about the NSS vulnerability in its Ubuntu 13.10, Ubuntu 13.04, Ubuntu 12.10, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems.
According to the company, NSS could have been made to expose sensitive information over the network.
It has been discovered that NSS incorrectly handled the TLS False Start feature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to spoof SSL servers.
… (read more)