Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home > News > Security

September 1st, 2011, 11:50 GMT · By

Thunderbird 6.0.1. and Thunderbird 3.1.13 Fix Compromised Root CA Issue

SHARE:

Adjust text size:


Thunderbird updates fix rogue certificate issue
Enlarge picture
Mozilla has updated its two supported Thunderbird versions to remove the root certificate of DigiNotar from the list of authorized Certificate Authorities (CA). The CA had been the victim of a successful attack and several rogue certificates had been issued, signed by it.

Both Mozilla and Google issued updates for their browsers, removing the root certificate for the vendor.

Now, Mozilla has also provided updates for Thunderbird 6, the latest stable version of the popular email suite, but also for the older Thunderbird 3.1, which is still being supported with security patches.

"Thunderbird 6.0.1 and Thunderbird 3.1.13 are now available as free downloads for Windows, Mac, and Linux," Mozilla announced.

"As always, we recommend that users keep up to date with the latest stability and support versions of Thunderbird, and encourage all our users to upgrade to the very latest version," the group advised.

"Thunderbird 6.0.1 and Thunderbird 3.1.13 revoke the root certificate for DigiNotar due to fraudulent SSL certificate issuance," Mozilla explained.

A breach at DigiNotar led to a number of rogue certificates being issued, including one for Google. It appears that the attack is linked to Iran.

The false certificates had been in the wild for at least several weeks until they were discovered. During this time, any encrypted visit to a Google site, or any of the other sites affected, could have been intercepted by third-parties, a man-in-the-middle attack.

It is believed that the attack targeted Iran users in particular, but it's impossible to know how widespread the issue is. The breach raises big questions about the security of the public key infrastructure, at least in its current form.

Mozilla has already issued updates for Firefox 6, Firefox 3.6, Firefox 8 Aurora, Firefox 9 Nightly and SeaMonkey 3.2. Updates for Firefox for Mobile and Firefox 7 Beta are in the works. Google Chrome has also been updated.

Mozilla Thunderbird for Windows is available for download here.
Mozilla Thunderbird for Mac is available for download here.
Mozilla Thunderbird for Linux is available for download here.

TELL US WHAT YOU THINK:

1,733 hits · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:


VideoLAN Calls Out for Help to Protect Users from VLC Scams
Fake Firefox Update Emails Carry Malware
Google Updates Chrome's WebSocket Implementation to Improve Security
Rogue Google SSL Certificate Found in the Wild
VLC 1.1.11 Fixes Critical Security Flaws

READER COMMENTS:



No user comments yet.
Be the first to express your opinion!
Copyright © 2001-2012 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use