Update (Sept. 6, 2011 @10:37 a.m. PT):
New security updates for Firefox are now available.
Update (8.30.11 @ 11:25 p.m. PT)
Mozilla just released an update to Firefox for Desktop, Thunderbird and SeaMonkey. Updates are now available for:
• Firefox for Windows, Mac and Linux (final release)
• Firefox for Windows, Mac and Linux (3.6.21 final release)
• Firefox Aurora for Windows, Mac and Linux
• Firefox Nightly for Windows, Mac and Linux
• SeaMonkey (2.3.2)
• Thunderbird (6.0.1)
We strongly recommend that all users upgrade to these releases.
If you already have Firefox, you will receive an automated update notification within 24 to 48 hours. Users can also manually check for updates if they do not want to wait for the automatic update.
New versions of Firefox for Mobile (final release and Beta), Firefox Beta for Desktop and Thunderbird will be released shortly.
Issue
Mozilla was informed today about the issuance of at least one fraudulent SSL certificate for public websites belonging to Google, Inc. This is not a Firefox-specific issue, and the certificate has now been revoked by its issuer, DigiNotar. This should protect most users.
Impact to users
Users on a compromised network could be directed to sites using a fraudulent certificate and mistake them for the legitimate sites. This could deceive them into revealing personal information such as usernames and passwords. It may also deceive users into downloading malware if they believe it’s coming from a trusted site. We have received reports of these certificates being used in the wild.
Status
Because the extent of the mis-issuance is not clear, we are releasing new versions of Firefox for desktop (3.6.21, 6.0.1, 7, 8, and 9) and mobile (6.0.1, 7, 8, and 9), Thunderbird (3.1.13, and 6.0.1) and SeaMonkey (2.3.2) shortly that will revoke trust in the DigiNotar root and protect users from this attack. We encourage all users to keep their software up-to-date by regularly applying security updates. Users can also manually disable the DigiNotar root through the Firefox preferences.
Credit
This issue was reported to us by Google, Inc.
Johnathan Nightingale
Director of Firefox Development
Jacob Appelbaum wrote on
Robert wrote on
Oliver Lavery wrote on
Annoyed user wrote on
Daniel Cheng wrote on
Boris wrote on
Benjamin Franz wrote on
Boris wrote on
Greg Price wrote on
Andrew Drake wrote on
caf wrote on
Dan Applegate wrote on
Daniel Veditz wrote on
lynX wrote on
mohammad from Iran wrote on
Matteo Panella wrote on
person287 wrote on
fish_ wrote on
bahareh wrote on
Delete’em All wrote on
Mark wrote on
Peter Breur wrote on
Jeroen van Gelderen wrote on
Frox wrote on
Sahand wrote on
christian baier wrote on
Pedram wrote on
Alastair Mayer wrote on
Ed wrote on
Brian Miller wrote on
PhoenixMylo wrote on
Christoph Anton Mitterer wrote on
Marceau GUIHARD wrote on
Lode V wrote on
Lode V wrote on
Pirolet wrote on
bardia67m wrote on
Kasperl wrote on
Daniel Veditz wrote on
Mark wrote on
Ferry wrote on
SteveL wrote on
pmhparis wrote on
joao wrote on
Lode V wrote on
Christoph Anton Mitterer wrote on
Ken B wrote on
TrvsT wrote on
kasperl wrote on
Private Joe wrote on
James wrote on
GLaDOS wrote on
Lode V wrote on
Blah wrote on
Lode V wrote on
Matt McCutchen wrote on
Daniel Veditz wrote on
theappalasian wrote on
Jan Ostemor wrote on
brian wrote on
David Bernier wrote on
Tom wrote on
Fred5 wrote on
dan wrote on
i am real wrote on