One of the four recently identified security bugs in the popular open-source browser allows attackers to spoof SSL certificates used to secure websites. The vulnerability means that the Firefox browser can be easily duped by rogue certificates, which presents an extremely dangerous scenario: attackers can create convincing-looking forgeries of websites used for financial transactions, email and other sensitive services. The technique works by adding a simple null character to several certificate fields and was independently reported at the Black Hat security conference by researchers Moxie Marlinspike and Dan Kaminsky.

"Orthus strongly recommends that all Firefox users upgrade to the latest release immediately," says Orthus Service Delivery Manager, Chris Keay. "We are seeing these vulnerabilities exploited on a large scale out there with targeted attacks effectively being executed. If you're using Firefox, you need to download this patch before you go home tonight. It's that important," says Keay.

Mozilla has issued an upgrade to fix this vulnerability along with other critical holes, including crashes that carried evidence of memory corruption, a heap overflow in certificate regexp parsing and a chrome privilege escalation due to an incorrectly cached wrapper. Essentially, these vulnerabilities allow an attacker to easily execute malware remotely on a vulnerable machine.
To download the upgrade, go to http://www.mozilla.org/security
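
The null character technique described above works against code that reads a length-delimited certificate name as a NUL-terminated C string. The following is an added illustration of that class of flaw beside a length-aware check; it is not Mozilla's code, and the function names and the sample field are constructed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a certificate name field as length-delimited bytes,
   with a NUL byte embedded after the name the victim expects. */
static const unsigned char FORGED_CN[] = "www.bank.example\0.attacker.example";
#define FORGED_CN_LEN (sizeof(FORGED_CN) - 1)

/* Flawed check (hypothetical name): treats the field as a C string, so the
   comparison stops at the first NUL and the rest is never examined. */
int naive_match(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len; /* the length from the certificate is ignored: the bug */
    return strcmp((const char *)cn, host) == 0;
}

/* Detection: a DNS name can never legitimately contain a NUL byte. */
int has_embedded_nul(const unsigned char *field, size_t len)
{
    return memchr(field, 0, len) != NULL;
}

/* Length-aware check: reject embedded NULs, then compare all cn_len bytes
   case-insensitively against the requested host name. */
int strict_match(const unsigned char *cn, size_t cn_len, const char *host)
{
    size_t i;
    if (has_embedded_nul(cn, cn_len) || cn_len != strlen(host))
        return 0;
    for (i = 0; i < cn_len; i++)
        if (tolower(cn[i]) != tolower((unsigned char)host[i]))
            return 0;
    return 1;
}

int main(void)
{
    const char *host = "www.bank.example";
    printf("naive_match:  %d\n", naive_match(FORGED_CN, FORGED_CN_LEN, host));
    printf("embedded NUL: %d\n", has_embedded_nul(FORGED_CN, FORGED_CN_LEN));
    printf("strict_match: %d\n", strict_match(FORGED_CN, FORGED_CN_LEN, host));
    return 0;
}
```

The same embedded-NUL test applies to every name field a validator consumes, not only the common name.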