Google Chrome user alibo encountered an active “man in the middle” (MITM) attack on secure SSL connections to Google servers. The fraudulent certificate was mis-issued by DigiNotar, a Dutch Certificate Authority. The people affected were primarily located in Iran. DigiNotar has reported evidence that other fraudulent certificates were issued and in active use but the full extent of the compromise is not known.
To further protect the safety and privacy of Chrome users, they have disabled the DigiNotar certificate authority in Chrome while investigations continue. Mozilla also moved quickly to protect its users. This means that Chrome and Firefox users will receive alerts if they try to visit websites that use DigiNotar certificates. Microsoft also has taken prompt action.
Update from Mozilla.
Mozilla just released an update to Firefox for Desktop, Thunderbird and SeaMonkey. Updates are now available for:
• Firefox for Windows, Mac and Linux (final release)
• Firefox for Windows, Mac and Linux (3.6.21 final release)
• Firefox Aurora for Windows, Mac and Linux
• Firefox Nightly for Windows, Mac and Linux
• SeaMonkey (2.3.2)
• Thunderbird (6.0.1)
We strongly recommend that all users upgrade to these releases.
If you already have Firefox, you will receive an automated update notification within 24 to 48 hours. Users can also manually check for updates if they do not want to wait for the automatic update.
New versions of Firefox for Mobile (final release and Beta), Firefox Beta for Desktop and Thunderbird will be released shortly.
Users can also manually disable the DigiNotar root through the Firefox preferences.
Leave a Reply