The mitigation for the CVE-2011-3389 flaw was implemented in the Network Security Services (NSS) library. This mitigation was added in NSS version 3.13, and is enabled by default upstream. The environment variable NSS_SSL_CBC_RANDOM_IV can be used to disable the mitigation when it causes failures to connect to servers that are intolerant to 1/(n-1) record splitting. Setting the environment variable value to 0 disables the mitigation.

The nss packages in Red Hat Enterprise Linux 5 and 6 were updated to version 3.13.1 via RHBA-2012:0337:

https://rhn.redhat.com/errata/RHBA-2012-0337.html

Unlike upstream versions, this mitigation is disabled by default in nss packages in Red Hat Enterprise Linux 5 and 6.

This bug is used to track enabling of this mitigation, by setting the NSS_SSL_CBC_RANDOM_IV environment variable in the firefox and thunderbird start-up scripts.

More details about the CVE-2011-3389 flaw are at:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3389
This mitigation is enabled by default in upstream Firefox versions since version 9.
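To illustrate the 1/(n-1) record splitting named in the description above, here is an added example (not code from NSS or from this bug report): a simplified TLS 1.0 CBC record writer that reports, with and without the split, whether each record's IV was already visible on the wire before the application data was written. The class and function names are hypothetical, the block function is a keyed-hash stand-in rather than a real cipher, and the MAC input is reduced to sequence number plus fragment.

```python
import hashlib
import hmac

BLOCK = 16  # CBC block size in bytes (same as AES)

def _enc_block(key, block):
    # Stand-in keyed function, NOT a real cipher: enough to show CBC chaining.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def _cbc(key, iv, data):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        prev = _enc_block(key, bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev)))
        out += prev
    return out

class Tls10CbcWriter:
    """Simplified TLS 1.0 CBC writer: a record's IV is the previous record's last block."""

    def __init__(self, enc_key, mac_key, iv, split):
        self.enc_key, self.mac_key, self.iv, self.split = enc_key, mac_key, iv, split
        self.seq = 0

    def _record(self, fragment):
        # Assumption: MAC input simplified to sequence number + fragment.
        mac = hmac.new(self.mac_key, self.seq.to_bytes(8, "big") + fragment, hashlib.sha1).digest()
        body = fragment + mac
        pad_len = -(len(body) + 1) % BLOCK
        body += bytes([pad_len]) * (pad_len + 1)  # TLS-style padding
        iv_used, ct = self.iv, _cbc(self.enc_key, self.iv, body)
        self.iv, self.seq = ct[-BLOCK:], self.seq + 1
        return iv_used, ct

    def write(self, data):
        """Encrypt one application write; returns [(fragment, iv_used, ciphertext)]."""
        parts = [data[:1], data[1:]] if self.split and len(data) > 1 else [data]
        return [(part,) + self._record(part) for part in parts]

def iv_known_before_write(writer, data):
    """Per record: (fragment length, was its IV on the wire before this write?)."""
    wire_iv = writer.iv
    return [(len(frag), iv == wire_iv) for frag, iv, _ in writer.write(data)]

if __name__ == "__main__":
    msg = b"GET /constructed-sample HTTP/1.1"  # constructed sample input
    for split in (False, True):
        w = Tls10CbcWriter(b"k" * 16, b"m" * 20, bytes(BLOCK), split)
        print("split" if split else "unsplit", iv_known_before_write(w, msg))
```

With the split, only the one-byte record is encrypted under an IV that was observable in advance; the record carrying the remaining n-1 bytes chains from ciphertext that includes the first record's MAC.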
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2012:1089 https://rhn.redhat.com/errata/RHSA-2012-1089.html

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2012:1088 https://rhn.redhat.com/errata/RHSA-2012-1088.html