Update (Sept. 6, 2011 @10:37 a.m. PT):
New security updates for Firefox are now available.
Update (8.30.11 @ 11:25 p.m. PT)
Mozilla just released an update to Firefox for Desktop, Thunderbird and SeaMonkey. Updates are now available for:
• Firefox for Windows, Mac and Linux (final release)
• Firefox for Windows, Mac and Linux (3.6.21 final release)
• Firefox Aurora for Windows, Mac and Linux
• Firefox Nightly for Windows, Mac and Linux
• SeaMonkey (2.3.2)
• Thunderbird (6.0.1)
We strongly recommend that all users upgrade to these releases.
If you already have Firefox, you will receive an automated update notification within 24 to 48 hours. Users can also manually check for updates if they do not want to wait for the automatic update.
New versions of Firefox for Mobile (final release and Beta), Firefox Beta for Desktop and Thunderbird will be released shortly.
Issue
Mozilla was informed today about the issuance of at least one fraudulent SSL certificate for public websites belonging to Google, Inc. This is not a Firefox-specific issue, and the certificate has now been revoked by its issuer, DigiNotar. This should protect most users.
Impact to users
Users on a compromised network could be directed to sites using a fraudulent certificate and mistake them for the legitimate sites. This could deceive them into revealing personal information such as usernames and passwords. It may also deceive users into downloading malware if they believe it’s coming from a trusted site. We have received reports of these certificates being used in the wild.
Status
Because the extent of the mis-issuance is not clear, we are releasing new versions of Firefox for desktop (3.6.21, 6.0.1, 7, 8, and 9) and mobile (6.0.1, 7, 8, and 9), Thunderbird (3.1.13, and 6.0.1) and SeaMonkey (2.3.2) shortly that will revoke trust in the DigiNotar root and protect users from this attack. We encourage all users to keep their software up-to-date by regularly applying security updates. Users can also manually disable the DigiNotar root through the Firefox preferences.
Credit
This issue was reported to us by Google, Inc.
Johnathan Nightingale
Director of Firefox Development
Jacob Appelbaum
wrote on
Robert
wrote on
Oliver Lavery
wrote on
Annoyed user
wrote on
Daniel Cheng
wrote on
Boris
wrote on
Benjamin Franz
wrote on
Boris
wrote on
Greg Price
wrote on
Andrew Drake
wrote on
caf
wrote on
Dan Applegate
wrote on
Daniel Veditz
wrote on
lynX
wrote on
mohammad from Iran
wrote on
Matteo Panella
wrote on
person287
wrote on
fish_
wrote on
bahareh
wrote on
Delete’em All
wrote on
Mark
wrote on
Peter Breur
wrote on
Jeroen van Gelderen
wrote on
Frox
wrote on
Sahand
wrote on
christian baier
wrote on
Pedram
wrote on
Alastair Mayer
wrote on
Ed
wrote on
Brian Miller
wrote on
PhoenixMylo
wrote on
Christoph Anton Mitterer
wrote on
Marceau GUIHARD
wrote on
Lode V
wrote on
Lode V
wrote on
Pirolet
wrote on
bardia67m
wrote on
Kasperl
wrote on
Daniel Veditz
wrote on
Mark
wrote on
Ferry
wrote on
SteveL
wrote on
pmhparis
wrote on
joao
wrote on
Lode V
wrote on
Christoph Anton Mitterer
wrote on
Ken B
wrote on
TrvsT
wrote on
kasperl
wrote on
Private Joe
wrote on
James
wrote on
GLaDOS
wrote on
Lode V
wrote on
Blah
wrote on
Lode V
wrote on
Matt McCutchen
wrote on
Daniel Veditz
wrote on
theappalasian
wrote on
Jan Ostemor
wrote on
brian
wrote on
David Bernier
wrote on
Tom
wrote on
Fred5
wrote on
dan
wrote on
i am real
wrote on