Mozilla Patches Recently Disclosed SSL Vulnerabilities

Three SSL implementation vulnerabilities, some of which were publicly disclosed during the Black Hat security conference, have been addressed in the new Mozilla Firefox 3.5.2 and 3.0.13 versions. Patches for Thunderbird and SeaMonkey, which are also vulnerable, will be released at a later date.

The Black Hat Briefings security conference that took place in Las Vegas last week brought together some of the best minds in the security industry, who shared their latest findings. Reputed security researchers Dan Kaminsky and Moxie Marlinspike independently presented an SSL certificate flaw, which could compromise secure SSL-enabled communications.

Exploitation involves obtaining a certificate from a CA (Certificate Authority) with a malformed domain name. A null byte character "\0" inserted at specific positions in the domain name would trigger a null byte poisoning condition, where the browser discards the portion of the name after it. For example, a certificate for the ebay.com\0.example.com subdomain would be interpreted by the vulnerable client as a valid certificate for ebay.com.

Moxie Marlinspike also reported a related heap overflow vulnerability in the code that handled regular expressions in certificate names. This could have allowed the execution of arbitrary code contained in the certificate. According to Mozilla, this flaw was located in older code that ensured compatibility with older Netscape regular expression syntax and only affected the Firefox 3.0.x branch.

A third SSL-related bug was revealed by Juan Pablo Lopez Yacubian and allowed spoofing the location bar and SSL indicator via specially crafted JavaScript code. "An attacker could use these issues to display misleading location and SSL information for a malicious web page," Mozilla explained.

Tim Callan, product marketing executive for the SSL business unit at VeriSign, the largest CA on the Internet, noted that the certificates issued by the company were not vulnerable. "I'm pleased to say that none of VeriSign's SSL Certificates on any brand allow null characters," he wrote on his corporate blog.

Mr. Callan also commented on the pre-image attacks against MD2 mentioned by Dan Kaminsky during his Black Hat presentation. "As of May 2009, VeriSign is issuing its SSL Certificates on all brands using SHA-1," he stressed.