Description
The NSS SSL implementation in libpurple does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
Mitigation
SSL/TLS Certificates are now verified in the NSS implementation in libpurple.