At the heals of yesterday's Firefox 4 release, we today got 3.6.16 and 3.5.18. As usual, Mozilla will provide security updates for some older browsers after the release of a new major version. If you are not planning to update to Firefox 4 soon, you should update to the newest 3.x version. This wouldn't be worth a full diary (usually we just publish a "one liner") if it wouldn't be for one interesting change: Mozilla decided to add some new blocklisted SSL certificates. SSL certificates are usually considered valid if signed by a trusted certificate authority. My version of Firefox 4 on a Mac includes certificates from about 80 trusted organizations. If a certificate authority finds out tht a certificate was signed by mistake, they may add the bad certificate to a revocation list. Each certificate includes a URL for a revocation list, and the browser may check if the certificate is listed as revoked. However, browsers are not required to check revocation lists. In addition, if a certificate authority is compromised, it may lead to compromised revocation lists as well. The black list feature in Firefox (same feature exists in Chrome) lists a small number of certificates that the browser will not trust. The recent addition is rumored to be due to a compromised certificate authority, which has been used to issue fraudulent certificates. [1] In particular it is suggested that a certificate for "addons.mozilla.org", the site used for Firefox plugins, was created using the compromised CA.
[1] https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion Also see: https://github.com/ioerror/crlwatch#readme ------ |
Johannes 4479 Posts ISC Handler Mar 23rd 2011 |
Thread locked Subscribe |
Mar 23rd 2011 1 decade ago |
According to https://wiki.mozilla.org/Releases new Firefox 3.x aren't due until:
Firefox 3.6.16 April 19 Firefox 3.5.18 April 19 The check for updates for my 3.6.15 isn't showing a new version other than 4.0, are you sure these are live releases not betas? |
Anonymous |
Quote |
Mar 23rd 2011 1 decade ago |
Looks like the Firefox update servers are now up to date, 3.6.16 was just offered. Release notes
http://www.mozilla.com/en-US/firefox/3.6.16/releasenotes/ http://www.mozilla.com/en-US/firefox/3.5.18/releasenotes/ |
Anonymous |
Quote |
Mar 23rd 2011 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!