Builder.com on Mozilla Certificate Problems.
Couple of new Mozilla security bugs this week:
But a problem with the Mozilla caching system makes it possible to keep that key unbroken even while importing content from other sites, and for the malicious site to display the security certificates from the trusted site.
That could help a malicious site author convincingly impersonate a trusted site like eBay or the Bank of America, a security situation ripe for credit card or identity theft schemes.
The somewhat less-severe second certificate bug, posted to Mozilla's own Bugzilla bug-tracking system, paves the way for a denial-of-service attack.
Because of the bug, a forged certificate could wind up corrupting an authentic one. As a result, someone visiting the trusted site would be denied access.
Mozilla said it was still deciding whether it would release stand-alone patches or simply issue the fixes with upcoming versions of the browsers. Current Mozilla-based browsers include Mozilla 1.7.1 and Firefox 0.9.2.
Mozilla expects to have either patches or new versions of the browsers available in about a week
Comments
RE: Builder.com on Mozilla Certificate Problems.
Actually, Firefox 0.9.2/Mozilla 1.7.1 is windows only. The other OS versions are Firefox 0.9.1 and Mozilla 1.7.
RE: Builder.com on Mozilla Certificate Problems.
Hey so how come this damn site is always picking on IE and never points out when anything goes wrong with open source software, this is just bullshit . . . . oh, sorry.