Updated Chrome and Firefox for fraudulent Google certificate available
In response to the discovery of a fraudulent DigiNotar SSL certificate being used in Iran as part of a man-in-the-middle attack, Mozilla has now released versions of Firefox 6.0.1, Firefox 3.6.21 and Thunderbird 6.0.1, and Google has released Chrome 13.0.782.218. The updates disable or delete entries for DigiNotar's Certificate Authority. Google also took the opportunity to update the Adobe Flash Player in Chrome and also updated development versions of Chrome.
The impact of the removal of the DigiNotar Root certificate, beyond that of blocking the one (or more) bogus certificates, is unclear, though it may have an impact on users in the Netherlands where DigiNotar operates. For example, the government's DigiD identity management platform uses SSL certificates issued by DigiNotar.
Users will see the updates for Firefox within 24 to 48 hours. Firefox 3.6.x users who wish to install the update manually can download it from the "Older Firefox" page. At the time of writing, according to Mozilla's advisory page, updates for the Aurora and Nightly builds of Firefox have been updated as well, but not the Firefox 7 beta; Thunderbird 7 beta and Firefox for Mobile will be updated soon. Users can also manually check.
Chrome users should see their updates appear automatically, but can also manually update the browser.
Update 2: Version 2.3.2 of the SeaMonkey "all-in-one internet application suite" has been released by Mozilla to delete the DigiNotar root certificate. The update also fixes an issue when importing email from Microsoft Outlook.