Firefox Patches Black Hat SSL Encryption Vulnerability

Firefox has released version 3.5.2, a patch closing four critical vulnerabilities – one of which was a serious SSL encryption flaw discovered at the recent Black Hat conference in Las Vegas.

IOActive security researcher Dan Kaminsky and independent security researcher Moxie Marlinspike separately announced the compromise of SSL-protected communication at the Black Hat conference, according to reports.

The flaw is described in more detail here, but as Mozilla said in an advisory, it basically meant that attackers could have obtained certificates that could intercept and alter encrypted information between client and server, such as bank account transactions.

The Microsoft Vulnerability Research Team also helped with coordinating a multiple-vendor response to the problem.

The other three vulnerabilities were also critical. This meant that attackers could have taken advantage by running code and installing software on a user’s computer even if they were just browsing normally.

By Asavin Wattanajantra at www.itpro.co.uk

Related posts:

1. Critical Firefox security hole fixed – have you updated?
2. More Zero-Day Exploits for Firefox and IE Flaws
3. Critical flaws fixed in Firefox 3.5.4
4. German Government: Don’t use Firefox
5. Protect Your Files Quickly and Easily By Sophos Free Encryption