from basic research my understanding is: it is vulnerable in TLS 1.0 in SSL 3
Attacker can inject javascript and pass some known text to some server where attacker will get the encrypted version of known plain text and this is how the encryption mechanism can be known.
Please clarify if I misunderstood anything.
Questions: How to inject some malicious java script on page ? and what are the tools to identity encryption mechanism and apply the same to decrypt the cookie content ?