Flaws in Mozilla's Handling of Security Certificates Fixed

Thanks supernova_00 for informing me about News.com mistake. Always on top of things The Mozilla Foundation released a patch yesterday for two security bugs, but the updated end-user releases of Mozilla products are not yet available. The two bugs are related to how Mozilla browsers handle certificates. According to News.com "The problem has to do with a standard mechanism for pulling in content from Web sites other than the one the surfer has visited."

CNET News.com is reporting that two new flaws in the way Mozilla handles security certificates have been discovered. The more serious vulnerability allows a site to appear to have a security certificate when it does not (bug 253121). The other hole makes it possible for an attacker to overwrite the root certificate authority certificates, causing an error message to appear whenever the user tries to access a (genuine) secure site (bug 249004). Both bugs have now been fixed, but updated end-user releases of Mozilla products are not yet available.

View: Bug 253121 | Bug 249004

View: C|Net News.com Article

News source: mozillaZine

Report a problem with article
Previous Story

Interview: Everquest II (Part Two)

Next Story

Netscape 7.2 To Be Released August 3rd


Commenting is disabled on this article.

Fixed and released publicly are different things. Until the code is out in a 100% public, non-nightly build, it's not out, simple as that.