Builder.com on Mozilla Certificate Problems.
Submitted by kebernet on Wed, 07/28/2004 - 15:15
Couple of new Mozilla security bugs this week:
But a problem with the Mozilla caching system makes it possible to keep that key unbroken even while importing content from other sites, and for the malicious site to display the security certificates from the trusted site. That could help a malicious site author convincingly impersonate a trusted site like eBay or the Bank of America, a security situation ripe for credit card or identity theft schemes.

The somewhat less-severe second certificate bug, posted to Mozilla's own Bugzilla bug-tracking system, paves the way for a denial-of-service attack. Because of the bug, a forged certificate could wind up corrupting an authentic one. As a result, someone visiting the trusted site would be denied access.

Mozilla said it was still deciding whether it would release stand-alone patches or simply issue the fixes with upcoming versions of the browsers. Current Mozilla-based browsers include Mozilla 1.7.1 and Firefox 0.9.2. Mozilla expects to have either patches or new versions of the browsers available in about a week.






