Fraudulent SSL Certificates
Original release date: March 23, 2011 at 1:54 pm
Last revised: March 23, 2011 at 1:54 pm
US-CERT is aware of public reports of the existence of fraudulent SSL
certificates. These fraudulent SSL certificates could be used by an
attacker to masquerade as a trusted website. Multiple web browser
vendors have provided updates to recognize and block these fraudulent
SSL certificates.
Mozilla has updated Firefox 4.0, 3.6, and 3.5. Additional information
can be found in the Mozilla Security Blog.
Microsoft has released updates for various platforms in Microsoft
Knowledge Base Article 2524375. Additional information can be found in
Microsoft Security Advisory 2524375.
US-CERT encourages users and administrators to apply any necessary
updates to help mitigate the risks. US-CERT will provide additional
information as it becomes available.
Relevant Url(s):
<http://blog.mozilla.com/security/2011/03/22/firefox-blocking-fraudulent-certificates/>
<http://www.microsoft.com/technet/security/advisory/2524375.mspx>
<http://support.microsoft.com/kb/2524375>