The purpose of this document is to summarize security issue CVE-2009-3555 (a man-in-the-middle vulnerability in the TLS/SSL protocol) which applies to SSL/TLS/https/etc., to describe what action has been taken in Mozilla, and to describe what action other parties should take. Background In 2009, a flaw was discovered in the SSL/TLS protocol which is widely used in Internet applications, for exampl