New Versions of Chrome and Firefox Disable DigiNotar Root

by Carol~ Moderator - 8/31/11 11:04 AM

In Reply to: NEWS - August 31, 2011 by Carol~ Moderator

Related to the first post in this thread:

Mozilla has released version 6.01 of its Firefox browser, which now removes the compromised DigiNotar root certificate from the list of trusted roots. The move comes just two days after security researchers discovered that the Dutch company had issued a valid wildcard certificate for Google to an unknown third party.

Within hours of the discovery, Mozilla officials released a statement saying that they planned to push an update for Firefox soon that would remove DigiNotar from Firefox's trusted root certificate list. On Tuesday, Google released a new version of Chrome that disables DigiNotar trust in the browser. Microsoft also has removed DigiNotar from the list of trusted roots that Internet Explorer uses.

"Users on a compromised network could be directed to sites using a fraudulent certificate and mistake them for the legitimate sites. This could deceive them into revealing personal information such as usernames and passwords. It may also deceive users into downloading malware if they believe it's coming from a trusted site. We have received reports of these certificates being used in the wild," Mozilla security officials said in a blog post on Monday.

In addition to disabling trust for the DigiNotar root, Google also has blacklisted in Chromium nearly 250 certificates issued by the company.

http://threatpost.com/en_us/blogs/new-versions-chrome-and-firefox-disable-diginotar-root-083111