The Broadband Guide
search advanced
 forgot password?

Mozilla to Fix Critical Certificate Pinning Issue

2016-09-19 12:36 by
Tags: ,


Mozilla is expected to release tomorrow a Firefox update that fixes a cross-platform, malicious code-execution vulnerability, which could be used in man-in-the-middle attacks. The Tor Browser, which is also based on a version of Firefox, fixed this issue Friday with the release of version 6.0.5.

"Due to flaws in the process we used to update 'Preloaded Public Key Pinning' in our releases, the pinning for add-on updates became ineffective for Firefox release 48 starting September 10, 2016, and ESR 45.3.0 on September 3, 2016," Mozilla explained.

According to Tor officials, the vulnerability allows an attacker to obtain a forged certificate to impersonate Mozilla servers. Then, the attacker could send a malicious update for NoScript or many other Firefox extensions installed on a targeted computer. The fraudulent certificate would have to be issued by any one of several hundred Firefox-trusted certificate authorities (CA).

Until the update is released, Firefox users may use a different browser or configure Firefox to stop automatically accepting extension updates.

Read more -here-


  Post your review/comments
comment discuss top
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About