Firefox Patches Black Hat SSL Encryption Vulnerability
August 5, 2009 by admin
Filed under Security News
75 views Leave a Comment
Firefox has released version 3.5.2, a patch closing four critical vulnerabilities – one of which was a serious SSL encryption flaw discovered at the recent Black Hat conference in Las Vegas.
IOActive security researcher Dan Kaminsky and independent security researcher Moxie Marlinspike separately announced the compromise of SSL-protected communication at the Black Hat conference, according to reports.
The flaw is described in more detail here, but as Mozilla said in an advisory, it basically meant that attackers could have obtained certificates that could intercept and alter encrypted information between client and server, such as bank account transactions.
The Microsoft Vulnerability Research Team also helped with coordinating a multiple-vendor response to the problem.
The other three vulnerabilities were also critical. This meant that attackers could have taken advantage by running code and installing software on a user’s computer even if they were just browsing normally.
By Asavin Wattanajantra at www.itpro.co.uk
Related posts:
- How to configure Facebook to use SSL encryption (https secure browsing) By SOPHOS
- Critical patches for Windows and Flash Player
- KHOBE ‘vulnerability’: is this game over for security software?
- Serious IE ActiveX Vulnerability Discovered
- Protecting against the Internet Explorer zero day vulnerability
