{"id":527,"date":"2011-08-29T14:59:56","date_gmt":"2011-08-29T21:59:56","guid":{"rendered":"http:\/\/blog.mozilla.org\/security\/?p=527"},"modified":"2016-09-30T02:54:51","modified_gmt":"2016-09-30T09:54:51","slug":"fraudulent-google-com-certificate","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2011\/08\/29\/fraudulent-google-com-certificate\/","title":{"rendered":"Fraudulent *.google.com Certificate"},"content":{"rendered":"<h2><strong>Update <\/strong>(Sept. 6, 2011 @10:37 a.m. PT):<\/h2>\n<p>New security updates for Firefox are <a href=\"https:\/\/developer.mozilla.org\/devnews\/index.php\/2011\/09\/06\/firefox-6-0-2-and-3-6-22-security-updates-now-available\/\">now available<\/a>.<\/p>\n<h2><del><strong>Update <\/strong>(8.30.11 @ 11:25 p.m. PT)<\/del><\/h2>\n<p><del>Mozilla just released an update to Firefox for Desktop, Thunderbird and SeaMonkey. Updates are now available for:<br \/>\n\u2022\u00a0\u00a0\u00a0 Firefox for Windows, Mac and Linux (final release)<br \/>\n\u2022\u00a0\u00a0\u00a0 Firefox for Windows, Mac and Linux (3.6.21 final release)<br \/>\n\u2022\u00a0\u00a0\u00a0 Firefox Aurora for Windows, Mac and Linux<br \/>\n\u2022\u00a0\u00a0\u00a0 Firefox Nightly for Windows, Mac and Linux<br \/>\n\u2022\u00a0\u00a0\u00a0 SeaMonkey (2.3.2)<br \/>\n\u2022\u00a0\u00a0\u00a0 Thunderbird (6.0.1)<\/del><\/p>\n<p><del>We strongly recommend that all users upgrade to these releases.<\/del><\/p>\n<p><del>If you already have Firefox, you will receive an automated update notification within 24 to 48 hours. Users can also <a href=\"http:\/\/support.mozilla.com\/kb\/Updating%20Firefox?s=manual+update&amp;amp;as=s#w_how-do-i-manually-check-for-updates\">manually check for updates<\/a> if they do not want to wait for the automatic update.<\/del><\/p>\n<p><del>New versions of Firefox for Mobile (final release and Beta), Firefox Beta for Desktop and Thunderbird will be released shortly.<\/del><\/p>\n<h2>Issue<\/h2>\n<p>Mozilla was informed today about the issuance of at least one fraudulent SSL certificate for public websites belonging to Google, Inc. This is not a Firefox-specific issue, and the certificate has now been revoked by its issuer, DigiNotar. This should protect most users.<\/p>\n<h2>Impact to users<\/h2>\n<p>Users on a compromised network could be directed to sites using a fraudulent certificate and mistake them for the legitimate sites. This could deceive them into revealing personal information such as usernames and passwords. It may also deceive users into downloading malware if they believe it\u2019s coming from a trusted site. We have received reports of these certificates being used in the wild.<\/p>\n<h2>Status<\/h2>\n<p>Because the extent of the mis-issuance is not clear, we are releasing new versions of Firefox for desktop (3.6.21, 6.0.1, 7, 8, and 9) and mobile (6.0.1, 7, 8, and 9), Thunderbird (3.1.13, and 6.0.1) and SeaMonkey (2.3.2) shortly that will revoke trust in the DigiNotar root and protect users from this attack. We encourage all users to keep their software up-to-date by regularly applying security updates. Users can also <a href=\"http:\/\/support.mozilla.com\/en-US\/kb\/deleting-diginotar-ca-cert\">manually disable the DigiNotar root through the Firefox preferences.<\/a><\/p>\n<h2>Credit<\/h2>\n<p>This issue was reported to us by Google, Inc.<\/p>\n<p>&nbsp;<\/p>\n<p>Johnathan Nightingale<br \/>\nDirector of Firefox Development<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Update (Sept. 6, 2011 @10:37 a.m. PT): New security updates for Firefox are now available. Update (8.30.11 @ 11:25 p.m. PT) Mozilla just released an update to Firefox for Desktop, &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2011\/08\/29\/fraudulent-google-com-certificate\/\">Read more<\/a><\/p>\n","protected":false},"author":107,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45538,69,77],"tags":[],"coauthors":[45550],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Fraudulent *.google.com Certificate - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2011\/08\/29\/fraudulent-google-com-certificate\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Johnathan Nightingale\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2011\/08\/29\/fraudulent-google-com-certificate\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2011\/08\/29\/fraudulent-google-com-certificate\/\",\"name\":\"Fraudulent *.google.com Certificate - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"datePublished\":\"2011-08-29T21:59:56+00:00\",\"dateModified\":\"2016-09-30T09:54:51+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/0fac3a8789f3a9867a034db23e22d21d\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2011\/08\/29\/fraudulent-google-com-certificate\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2011\/08\/29\/fraudulent-google-com-certificate\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2011\/08\/29\/fraudulent-google-com-certificate\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Fraudulent *.google.com Certificate\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/0fac3a8789f3a9867a034db23e22d21d\",\"name\":\"Johnathan Nightingale\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/a7045d6e4465774d94d0755aad2e257f\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f1db41d9af38ab72e6716dbb616e1268?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f1db41d9af38ab72e6716dbb616e1268?s=96&d=identicon&r=g\",\"caption\":\"Johnathan Nightingale\"},\"description\":\"Vice President of Firefox\",\"sameAs\":[\"http:\/\/blog.johnath.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Fraudulent *.google.com Certificate - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2011\/08\/29\/fraudulent-google-com-certificate\/","twitter_misc":{"Written by":"Johnathan Nightingale","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2011\/08\/29\/fraudulent-google-com-certificate\/","url":"https:\/\/blog.mozilla.org\/security\/2011\/08\/29\/fraudulent-google-com-certificate\/","name":"Fraudulent *.google.com Certificate - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"datePublished":"2011-08-29T21:59:56+00:00","dateModified":"2016-09-30T09:54:51+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/0fac3a8789f3a9867a034db23e22d21d"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2011\/08\/29\/fraudulent-google-com-certificate\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2011\/08\/29\/fraudulent-google-com-certificate\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2011\/08\/29\/fraudulent-google-com-certificate\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Fraudulent *.google.com Certificate"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/0fac3a8789f3a9867a034db23e22d21d","name":"Johnathan Nightingale","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/a7045d6e4465774d94d0755aad2e257f","url":"https:\/\/secure.gravatar.com\/avatar\/f1db41d9af38ab72e6716dbb616e1268?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f1db41d9af38ab72e6716dbb616e1268?s=96&d=identicon&r=g","caption":"Johnathan Nightingale"},"description":"Vice President of Firefox","sameAs":["http:\/\/blog.johnath.com"]}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/527"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/107"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=527"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/527\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=527"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=527"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=527"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}