Top

Firefox Update Fixes Serious SSL, Other Bugs

PC World: "A Firefox update released today fixes a recently disclosed flaw in the way Firefox 3.0 and other programs handle SSL certificates, which are used for (theoretically) secure online communications.

The SSL cert problem was reported at last week's Black Hat security conference, and could allow an attacker to use a "null-termination" certificate to intercept SSL communications between the browser and a site. Such traffic is normally encrypted so that it would only appear as indecipherable letters and numbers to any digital spies, but the cert bug allows for a successful "man-in-the-middle" hijack if an attacker has access to your network."

The story is too old to be commented.