|Summary||NSS TLS/SSL Certificates not validated|
|Discovered By||Josh Triplett|
|Fixed In Release||2.5.0|
The NSS SSL implementation in libpurple does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
SSL/TLS Certificates are now verified in the NSS implementation in libpurple.