summary: NSS TLS/SSL Certificates not validated
discoveredBy: Josh Triplett
The NSS SSL implementation in libpurple does not verify SSL certificates, which
makes it easier for remote attackers to trick a user into accepting an invalid
server certificate for a spoofed service.
SSL/TLS Certificates are now verified in the NSS implementation in libpurple.