Red Hat Bugzilla – Bug 1053725
CVE-2013-1740 nss: false start PR_Recv information disclosure security issue
Last modified: 2015-10-15 14:12:00 EDT
A security issue has been reported in NSS, which can be exploited by a malicious user to disclose certain information.
The issue arises due to an error within the "ssl_Do1stHandshake()" function in lib/ssl/sslsecur.c, which can be exploited to potentially return unencrypted and unauthenticated data from PR_Recv. Successful exploitation requires false start to be enabled.
The issue is said to be fixed in NSS 3.15.4.
By default, NSS ships with false start disabled, for which the above patch works and was implemented in NSS 3.15.3.
The upstream bug noted actually has fixes from another upstream bug  which notes the actual upstream commit , however the next noted commit  may also be required.
According to this document, False Start has been implemented in NSS since 3.12.9:
I'm unable to find any corresponding note or changelog for nss to back it up, however.
Created nss tracking bugs for this issue:
Affects: fedora-all [bug 1054456]
(In reply to Vincent Danen from comment #5)
> According to this document, False Start has been implemented in NSS since
> I'm unable to find any corresponding note or changelog for nss to back it
> up, however.
Vincent, Looking at old cvs history (nss switched from cvs to mercurial last year) I see this commit
date: 2010/07/30 03:00:16; author: wtc%google.com; state: Exp; lines: +12 -1
Bug 525092: Support TLS false start. The patch is contributed by Adam
Langley of Google <email@example.com>. r=wtc.
cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c lib/ssl/ssl.h
lib/ssl/ssl3con.c lib/ssl/ssl3gthr.c lib/ssl/sslimpl.h
lib/ssl/sslsecur.c lib/ssl/sslsock.c tests/ssl/sslstress.txt
This may be what you are looking for.
(In reply to Elio Maldonado Batiz from comment #8)
> See https://bugzilla.mozilla.org/show_bug.cgi?id=525092
> This may be what you are looking for.
Thanks, Elio. That's exactly it. Last comment in that bug is:
"Patch checked in on the NSS trunk (NSS 3.13) and NSS_3_12_BRANCH
which is pretty close to the 3.12.9 version I had indicated. Thanks for that confirmation.
nss-3.15.4-1.fc20, nss-softokn-3.15.4-1.fc20, nss-util-3.15.4-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
nss-3.15.4-1.fc19, nss-softokn-3.15.4-1.fc19, nss-util-3.15.4-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2014:0917 https://rhn.redhat.com/errata/RHSA-2014-0917.html
A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2014:1246 https://rhn.redhat.com/errata/RHSA-2014-1246.html