LastPass vulnerability... yes or no?

Hi guys, just wondering: I happened to open the Firefox error console earlier today and found these two lines about LastPass (screenshot). Found a description of the potential issue here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

ps: FIPS enabled (and corresponding settings)

Nothing to be concerned about, Logos. That’s only an Error Console lowest-level info message which is generated when visiting many sites. If I recall correctly, that message – like all the other messages in the Error Console – is meant to be helpful to the web site developer, and can be safely ignored by the user. Also, IIRC, there’s a bug report about this warning in Firefox already. The message uses the words “potentially vulnerable” to describe a condition that may possibly be a vulnerability, but usually isn’t. You’re not the first user to have a question about that.

Edit: Bug 549641 – Firefox raises alarm (in error console) about SSL servers being vulnerable to CVE-2009-3555

Edit 2: https://bugzilla.mozilla.org/show_bug.cgi?id=564135#c1
(my bold)

This is a new feature of NSS. These servers do need to be updated to avoid a vulnerability in NSS, but there's no need to keep this bug private, [b]it's a public problem for pretty much every HTTPS server on the internet.[/b]

I defer to Damian on avoiding MITM attacks. I don’t do my banking from hot spots.

@ Alan Baxter: thank you very much for this feedback, that’s quite useful. I rarely opened the error console in the past and saw that for the first time today. And again, tbh I’m quite pleased with the info you just posted :wink: …so just no need to worry after all :slight_smile:

ps: I’m going to update the thread I started on the LastPass forums on the same topic

You’re welcome. ;D