Ubuntu gets Firefox, xulrunner runtime update to thwart MITM attacks

Mozilla issues a hot fix to tackle fraudulent certificates released by DigiNotar.

Mozilla has issued an update to counter the Firefox and xulrunner vulnerability (USN-1197-3) in several versions of Ubuntu and its derivatives. The vulnerability which exists in Firefox and the xulrunner Mozilla Gecko runtime environment 1.9.2 may lead to the misuse of fraudulent digital certificates released by Dutch Certificate Authority, DigiNotar. This fix actively distrusts the rogue certificate and its intermediary certificates.

This digital certificate vulnerability exists with the bundled Firefox browser on Ubuntu ver. 11.04, ver. 10.10 and ver. 10.04 LTS. It is believed that the mis-issued certificates may be used to perform a "man in the middle" (MITM) attack. An earlier update USN-1197-1 partially addressed this issue.

It is recommended that users of Ubuntu update their systems to the latest version of Firefox for their platforms. Systems must be restarted post update for system-wide changes to take effect.


Read more on Hackers and cybercrime prevention