News

Mozilla moves swiftly to patch SSL loophole in Firefox

05 August 2009

Programmers with the Mozilla Foundation have moved rapidly to patch one of the two SSL security flaws in web browsers, such as Firefox, identified by researchers at the Black Hat security briefings in Las Vegas late last week.

Three other security problems have also been solved with Firefox 3.5.2 but the SSL-protected compromise - in which hackers could obtain certificates allowing the intercept and alteration of encrypted communications between the web browser and the IP destination - is viewed by many as the most important.

Microsoft's vulnerability research team is also reported to have been working with the Mozilla Firefox development team, and sources suggest that a patch for Internet Explorer to solve the SSL security flaw is imminent.

As widely reported over the weekend - including by Infosecurity - IOActive security researcher Dan Kaminsky and independent security researcher Moxie Marlinspike both separately revealed the compromise of SSL-protected communications at last week's Black Hat event.

Mozilla has posted an explanation of its patch and the SSL security flaw on its website.

This article is featured in:
Application Security • Encryption • Internet and Network Security

Comment on this article

You must be registered and logged in to leave a comment about this article.

Related Links

Related Stories

News

Mozilla moves swiftly to patch SSL loophole in Firefox

Programmers with the Mozilla Foundation have moved rapidly to patch one of the two SSL security flaws in web browsers, such as Firefox, identified by researchers at the Black Hat security briefings in Las Vegas late last week.

Comment on this article

Members' Login

Not a member?