Updates to Firefox & Chrome
by MarkFlax - 9/2/11 1:54 PM
Both browsers have updates available after the discovery
of a fraudulent DigiNotar SSL certificate being used in Iran as part of a man-in-the-middle attack, Mozilla has now released versions of Firefox 6.0.1, Firefox 3.6.21 and Thunderbird 6.0.1, and Google has released Chrome 13.0.782.218. The updates disable or delete entries for DigiNotar's Certificate Authority. Google also took the opportunity to update the Adobe Flash Player in Chrome and also updated development versions of Chrome.
The impact of the removal of the DigiNotar Root certificate, beyond that of blocking the one (or more) bogus certificates, is unclear, though it may have an impact on users in the Netherlands where DigiNotar operates. For example, the government's DigiD identity management platform uses SSL certificates issued by DigiNotar.
Users will see the updates for Firefox within 24 to 48 hours. Firefox 3.6.x users who wish to install the update manually can download it from the "Older Firefox" page. At the time of writing, according to Mozilla's advisory page, updates for the Aurora and Nightly builds of Firefox have been updated as well, but not the Firefox 7 beta; Thunderbird 7 beta and Firefox for Mobile will be updated soon. Users can also manually check.
Chrome users should see their updates appear automatically, but can also manually update the browser.
Update: Mozilla has also released version 3.1.13 of Thunderbird to revoke the root certificate for DigiNotar.
Falsely issued Google SSL certificate in the wild for more then 5 weeks
Rogue Google SSL certificate missed by auditors
Thanks to Carol for providing this information, and for doing all the hard work!
Carol's post about this in the Spyware, viruses and security forum can be found here;
NEWS - August 31, 2011: Updated Chrome and Firefox for fraudulent Google certificate available
And there is further information in that thread.