It is particularly problematic because it allows an attacker to decrypt all traffic between a client and a secure server, but tricking the client into accepting a weak key from the server.
This problem did not affect the Windows versions, since it is using an SSL/TLS implementation that is not vulnerable, but the Linux and Mac version uses Google’s OpenSSL fork BoringSSL, which was vulnerable until Feburary 26, when Google patched it.
We did patch last week’s TP2 for the FREAK problem, but embarrassingly enough, we forgot to update the normal development code :$
To fix this issue we are posting a new snapshot with this fix, and a few other updates.
Please keep in mind that snapshots are produced directly from the development code, and have not been subjected to a thorough release process like the Technology Preview releases.
Download
- Windows: 32-bit | 64-bit (64-bit is experimental)
- Mac: Download
- Linux DEB: 64-bit | 32-bit
- Linux RPM: 64-bit | 32-bit
Changelog:
- Added fix in boringSSL for FREAK vulnerability
- VB-3917 Call correct closeTab action when keyboard closes the tab
- Hide tooltip properly on mouseout
- VB-4117 Tab tooltips show up when disabled
