Mozilla Security Alert: Fraudulent *.google certificate issued


Upgrades issued for Firefox, Thunderbird and SeaMonkey:

Mozilla Security Blog has issued an advisory, warning users that DigiNotar has revoked a fake digital certificate it issued for Google’s domain. According to LWN.NET “this is the first time that a fake certificate has successfully been used in the wild.” The fake certificate, issued on 10 July 2011, has been used to spy on users in Iran. Google, Inc. reported the issue to Mozilla. Learn more at [LWN.NET]

Because the extent of the mis-issuance is not clear, we are releasing new versions of Firefox for desktop (3.6.21, 6.0.1, 7, 8, and 9) and mobile (6.0.1, 7, 8, and 9), Thunderbird (3.1.13, and 6.0.1) and SeaMonkey (2.3.2) shortly that will revoke trust in the DigiNotar root and protect users from this attack. We encourage all users to keep their software up-to-date by regularly applying security updates. Users can also manually disable the DigiNotar root through the Firefox preferences.


Comments are closed.