Ubuntu gets Firefox, xulrunner runtime update to thwart MITM attacks

Mozilla issues a hot fix to tackle fraudulent certificates released by DigiNotar.

Mozilla has issued an update to counter the Firefox and xulrunner vulnerability (USN-1197-3) in several versions of Ubuntu and its derivatives. The vulnerability which exists in Firefox and the xulrunner Mozilla Gecko runtime environment 1.9.2 may lead to the misuse of fraudulent digital certificates released by Dutch Certificate Authority, DigiNotar. This fix actively distrusts the rogue certificate and its intermediary certificates.

This digital certificate vulnerability exists with the bundled Firefox browser on Ubuntu ver. 11.04, ver. 10.10 and ver. 10.04 LTS. It is believed that the mis-issued certificates may be used to perform a "man in the middle" (MITM) attack. An earlier update USN-1197-1 partially addressed this issue.

It is recommended that users of Ubuntu update their systems to the latest version of Firefox for their platforms. Systems must be restarted post update for system-wide changes to take effect.

 

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close