Issue
Mozilla has been informed about the issuance of several fraudulent SSL certificates for public websites. The certificates have been revoked by their issuer, which should protect most users. This is not a Firefox-specific issue. As part of our ongoing commitment to providing a secure Web experience for users, we have updated Firefox 4.0, 3.6, and 3.5 to recognize these certificates and block them automatically.
Impact to users
Users on a compromised network could be directed to sites using the fraudulent certificates and mistake them for the legitimate sites. This could deceive them into revealing personal information such as usernames and passwords. It may also deceive users into downloading malware if they believe it’s coming from a trusted site.
Status
Current versions of Firefox are protected from this attack. We are still evaluating the possibility of further response to this issue. We encourage all users to keep their software up to date by regularly applying security updates.
Credit
This issue was reported to us by the Comodo Group, Inc., the certificate authority responsible for issuing the fraudulent certificates.