Researchers have found a security issue in a project browser Mozilla Firefox uses it. Today, Mozilla has released security updates to include the five (!) Versions of Firefox for Android.
Vulnerability Firefox for Android
The security updates today seal a puncture in a part of Firefox, namely NSS. This means Network Security Services and is used by various companies to check security certificates. Take for example the website of your bank. When it does connect there, you’ll see a green address bar with a lock, so you are sure that your connection with the bank have indeed and not a copy of the website set up by attackers.
The leak ensured that hackers were able to work with a forged certificate which you could not be sure that you were actually on a particular website. Certainly
Double reported
Two teams of security researchers have reported the problem about the same time. It is a protection team of researchers from Intel and Team Prosecco in Paris. Those two teams came to the conclusion that NSS was vulnerable to a previously reported problem. Probably this means that attackers also were aware of the problem.
As we wrote above, NSS not only used by Mozilla, but also by other companies. These include to Google that NSS used for Google Chrome. The Android version of Chrome is an exception and is therefore not vulnerable to this flaw. The desktop versions of Chrome yesterday received an update for the leak.
Download the update
The updated versions of the beta (33 beta 7) and the stable version (32.0.3) can now be found. In the Google Play Store The development versions are updated through the usual channels and are safe for the leak from the version yesterday.
Source: Reddit and Mozilla
No comments:
Post a Comment