Mozilla patches SSL, Microsoft CryptoAPI still exposed
Mozilla has patched a very critical flaw in Firefox that allows attackers to pose as a legitimate Firefox update server and implant harmful code into a victim’s computer. Firefox 3.0.13 and 3.5.2 are no longer vulnerable to this attack and the update should automatically run. It would be prudent to check it manually under the Firefox “Help” menu and open the “About” window.
Updated and ready to surf safely.
What would be the best method for those of use who have been surfing without these updates and performing such tasks that require a higher security level? Currently I would assume that if an attacker has struck, he probably has some cookies that pretty much render any password changes or such obsolete. Would a user be stuck to just waiting until the cookies expire and watch account balances carefully or is there something a user can do?