SSL meltdown: Mozilla admits mistakes in its information policy

    Date: 28 Mar 2011
    Category: Latest News
    Posted By: Alex
    Although Mozilla recently responded to the compromise of Comodo's Certificate Authority by issuing Firefox 4 as well as updates for Firefox 3.5/3.6, the non-profit organisation published hardly any information of its own concerning the incident. In a blog posting, Mozilla has now provided further information and said that a previous decision not to release information was a mistake.

    The authors of the Mozilla blog post write that Comodo had already notified Mozilla about the threat on the morning of 16 March. Mozilla said that it responded by incorporating a blacklist and releasing Firefox 4 as well as updated versions 3.5 and 3.6 on 22 March.

    As soon as the patched versions were released, Mozilla said it made a release announcement with some details of the problem. The developers said, though, that they were concerned that the attackers could block the security measures they had just implemented. However, in hindsight Mozilla admits that this was the wrong decision to make: "We should have informed web users more quickly about the threat and the potential mitigations as well as their side-effects", said the developers.
