Jolla browser suffers from poodle vulnerability [answered]
The Jolla stock browser has the #poodle vulnerability - SSLv3 It should be fixed. Firefox 33 is not vulnerable.
https://www.openssl.org/~bodo/ssl-poodle.pdf Here's the result of http://poodletest.com
On my phone, SailfishOS 1.0.8.21 (Tahkalampi), http://poodletest.com/ no SSLv3 so not vunerable. Also on the stock browser, so what's the difference here?
filipb92 ( 2014-10-15 12:06:03 +0200 )editAt least snowshoe browser on Jolla is not vulnerable ;) (and no, I dont change the browser settings reflecting this in my builds)
Nieldk ( 2014-10-15 21:38:41 +0200 )editno vulnetability here but for webcat browser
NuklearFart ( 2014-10-16 01:00:19 +0200 )edit1.0.8.21 is not vulnerable, how old a SFOS release are you running?
juiceme ( 2014-10-16 12:41:53 +0200 )editStrange things seem to happen to the browser. My 1.0.8.21 version was vulnerable, others with the same version were not vulnerable. There may well be a relation to apps that use internet services and that somehow impact the security level of SailfishOS - not by vulnerabilities of the app itself, but by introducing vulnerabilities in the sailfishos platform. This is, of course, a risk in any system that is jailbroken or rooted, it's by no means a weakness of sailfishos or Jolla. But this security issue should be documented and some advise to devs should be given.
meneer ( 2014-10-17 10:32:03 +0200 )edit