Added info regarding Justin's 2.3.2 update thread. According to this Register article: <quote> By Dan Goodin in San Francisco • Get more from this author
Posted in Enterprise Security, 31st August 2011 18:34 GMT The secure webpage hosting addons for Mozilla Firefox was targeted in the same attack that minted a fraudulent authentication credential for Google websites, the maker of the open-source browser said. ... </quote> Full news article at: <http://www.theregister.co.uk/2011/08/31/more_site_certificates_forged/> [Mozilla addons site targeted in same attack that hit Google] Anyone know if there is any truth to that? I now feel our past threads raising concerns regarding auto-update (core and add-ons) now have additional validity. All of the 'it's OK, just trust us' but actually isn't raises it's ugly head - again. Note: I realize this _isn't_ Mozilla's fault, however it does indeed again raise the issue of trusting autoupdates (core and add-ons) defaults. It seems that DigiNotar was aware of the hack some time ago: http://www.wired.com/threatlevel/2011/08/diginotar-breach/ [Google Certificate Hackers May Have Stolen 200 Others] <http://www.computerworld.com/s/article/9219663/Hackers_may_have_stolen_over_200_SSL_certificates> Gotta love the press release by Vasco/DigiNotar: <http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx> <quote> VASCO expects the impact of the breach of DigiNotar’s SSL and EVSSL business to be minimal. Through the first six months of 2011, revenue from the SSL and EVSSL business was less than Euro 100,000. VASCO does not expect that the DigiNotar security incident will have a significant impact on the company’s future revenue or business plans. </quote> Anyway; block these guys by upgrading and/or Edit|Preferences|Privacy & Security|Certificates|Manage Certificates|Authorities|click on 'DigiNotrar Root CA' and click 'Delete or Distrust' & 'OK'. if you can't immediately upgrade. And for more excitement & reading, here is the bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=682927 [Dis-trust DigiNotar root certificate] _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
