14 DAY TRIAL // Mozilla is making available two new security-strengthened versions of Firefox for Mac OS X, Windows and Linux, advising all customers to update immediately. The releases revoke the root certificate for DigiNotar due to fraudulent SSL certificate issuance.
An entry over at the Mozilla Dev Center posted by Christian Legnitto on Tuesday, September 6th, 2011 reveals that “Firefox 6.0.2 and Firefox 3.6.22 are now available as free downloads for Windows, Mac, Linux, and Android from http://mozilla.org/firefox.”
“As always, we recommend that users keep up to date with the latest stability and support versions of Firefox, and encourage all our users to upgrade to the very latest version,” Legnitto writes.
Existing users generally receive an automated update notification within 24 to 48 hours, but this time around, Mozilla strongly recommends that users reach out for the update themselves.
The reason? “Firefox 6.0.2 and Firefox 3.6.22 remove trust exceptions for certificates issued by Staat der Nederlanden,” Legnitto says.
The Mozilla Security Blog holds more information on the revoked trust in the DigiNotar certificate authority.
There, Johnathan Nightingale, Director of Firefox Engineering, explains: “This is not a temporary suspension, it is a complete removal from our trusted root program. Complete revocation of trust is a decision we treat with careful consideration, and employ as a last resort.”
Nightingale says there were three central issues that determined Mozilla to take such radical action. There is a failure to notify, while the scope of the breach remains unknown, but the main reason is probably because the attack in itself is not theoretical.
“We have received multiple reports of these certificates being used in the wild,” Nightingale confirms.
Mac users can download both these Firefox releases (as well as other beta- and alpha-grade version) via the link below.