Thunderbird Patched after CA Attack

Tuesday, September 6, 2011 @ 03:09 PM gHale


As a result of the attack on the Dutch SSL provider, Mozilla updated its two supported Thunderbird versions to remove the root certificate of DigiNotar from the list of authorized Certificate Authorities (CA).

The CA had been the victim of a successful attack in which several rogue certificates were issued and signed by it. Mozilla and Google issued updates for their browsers, removing the root certificate for the vendor.


Mozilla has now also provided updates for Thunderbird 6, the latest stable version of the email suite, and for the older Thunderbird 3.1, which still receives security patches.

“Thunderbird 6.0.1 and Thunderbird 3.1.13 are now available as free downloads for Windows, Mac, and Linux,” Mozilla said.

“Thunderbird 6.0.1 and Thunderbird 3.1.13 revoke the root certificate for DigiNotar due to fraudulent SSL certificate issuance,” Mozilla said.

A breach at DigiNotar led to the issuance of a number of rogue certificates, including one for Google.

The false certificates had been in the wild for at least several weeks before discovery. During this time, third parties could intercept any encrypted visit to a Google site.

Mozilla has already issued updates for Firefox 6, Firefox 3.6, Firefox 8 Aurora, Firefox 9 Nightly and SeaMonkey 3.2. Updates for Firefox for Mobile and Firefox 7 Beta are in the works. Google also updated Chrome.


