Firefox plugs SSL bugs | SC Media
Patch management

Firefox plugs SSL bugs

August 3, 2009
Mozilla has patched two vulnerabilities relating to the way browsers interact with SSL certificates. The flaws, which potentially could permit man-in-the-middle attacks, were disclosed by two researchers, Dan Kaminsky and Moxie Marlinspike, in separate presentations at last week's Black Hat conference in Las Vegas. Marlinspike showed how a heap overflow bug could be exploited to present a specially crafted SSL certificate to the user, while Kaminsky revealed a way to obtain a certificate that would work on a victim site. Users are encouraged to download the latest version of Firefox 3.5. — DK
prestitial ad