Mozilla patches SSL, Microsoft CryptoAPI still exposed
August 5th, 2009
1 comment
Mozilla has patched a very critical flaw in Firefox that allows attackers to pose as a legitimate Firefox update server and implant harmful code into a victim’s computer. Firefox 3.0.13 and 3.5.2 are no longer vulnerable to this attack and the update should automatically run. It would be prudent to check it manually under the Firefox “Help” menu and open the “About” window.