Firefox Update Fixes Serious SSL, Other Bugs

Today's Best Tech Deals

Picked by PCWorld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

A Firefox update released today fixes a recently disclosed flaw in the way Firefox 3.0 and other programs handle SSL certificates, which are used for (theoretically) secure online communications.

The SSL cert problem was reported at last week's Black Hat security conference, and could allow an attacker to use a "null-termination" certificate to intercept SSL communications between the browser and a site. Such traffic is normally encrypted so that it would only appear as indecipherable letters and numbers to any digital spies, but the cert bug allows for a successful "man-in-the-middle" hijack if an attacker has access to your network.

Firefox 3.0.13 fixes the problem, along with another certificate problem reported by the same researcher, Moxie Marlinspike. Firefox 3.5 was already protected from these errors, but a new 3.5.2 browser update fixes other security holes, including a javascript bug that could be potentially be targeted to install malware.

To pick up the update for either version, head to Help | Check for Updates. And for a full list of the security fixes and other changes in both updates, see the Firefox 3 release notes and those for Firefox 3.5.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
Shop Tech Products at Amazon