This version of Firefox addresses compromise of SSL-protected communication and heap overflow in certificate regexp parsing. The heap overflow of certificate names in handlers of regular expressions could allow an attacker to run malisious code. Firefox version 3.5 uses industry standard wildcard syntax which is not vulnerable to this flaw.

Dan Kaminsky, who had published the DNS flaw has discovered a mismatch of domain names in SSL certificates. If someone wanted to they can request a certificate with invalid or null character. Many Certificate Authorities would issue the ticket with incomplete or invalid information. SSL clients used the invalidated certificate information before the null allowing the attacker to be trusted. In a nut shell an attacker could obtain a certificate for any web site they wished to attack. The attack could allow for the interception and alteration of the encrypted communication between the client and server. This type of attack could be used to compromise client updates including the integrity of Firefox updates as demonstrated by Moxie Marlinspike.

Update on Friday, August 21, 2009 at 04:21PM by drStrangeP0rk

Mozilla.org has release Thunderbird 2.0.0.23 which fixes the compromise of SSL-protected communication. Users should update if they are using thunderbird for MacOSX.

http://www.mozilla.org/security/announce/2009/mfsa2009-42.html