A new security advisory for NetBSD has just been published. The contents of the Advisory is written below: Version: NetBSD-current: source prior to August 11, 2010 NetBSD 5.0.*: affected NetBSD 5.0: affected NetBSD 4.0.*: affected NetBSD 4.0: affected pkgsrc: openssl package prior to 0.9.8onb1 Severity: Denial of Service and potential arbitrary code execution Fixed: NetBSD-current: [...]
The problem is TLSv1. Not in the server, but in the browser. As long as you keep your (UNIX-(like)) system up-t0-date, and compile your firefox yourself, or the maintainers of your package-system are doing that properly, everything remains fine. Should you be a windows- or MacOS-X-user, though, and should you furthermore be so unlucky as to use the binary provided by the Mozilla-Dev-Team, you’re in for some trouble, because that version of Firefox cannot display websites using TLSv1.