Ubuntu gets Firefox, xulrunner runtime update to thwart MITM attacks


Ubuntu gets Firefox, xulrunner runtime update to thwart MITM attacks

SearchSecurity.in Staff

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

Mozilla has issued an update to counter the Firefox and xulrunner vulnerability (USN-1197-3) in several versions of Ubuntu and its derivatives. The vulnerability which exists in Firefox and the xulrunner Mozilla Gecko runtime environment 1.9.2 may lead to the misuse of fraudulent digital certificates released by Dutch Certificate Authority, DigiNotar. This fix actively distrusts the rogue certificate and its intermediary certificates.

This digital certificate vulnerability exists with the bundled Firefox browser on Ubuntu ver. 11.04, ver. 10.10 and ver. 10.04 LTS. It is believed that the mis-issued certificates may be used to perform a "man in the middle" (MITM) attack. An earlier update USN-1197-1 partially addressed this issue.

It is recommended that users of Ubuntu update their systems to the latest version of Firefox for their platforms. Systems must be restarted post update for system-wide changes to take effect.