I thought I had done a post earlier in regards to Mozilla Revoking Trust in one CNNIC Intermediate Certificate. Turns out I had not. Also had planned on posting more about this earlier this weekend as Mozilla took further actions against the CNNIC certificate authority on Thursday, April 2nd. I did mention this briefly in the Firefox 37.0.1 Released post, but wanted to take a moment and explain about this in a little more detail. About 2-weeks ago on March 23rd, from the Mozilla Security Blog: China Internet Network Information Center (CNNIC), a non-profit organization administrated by Cyberspace Administration of China…
April 5, 2015
Read More
Mozilla released an emergency update to Firefox 37 on April 3, 2015 with Firefox 37.0.1. This update did address start-up crashes due to graphics hardware and third party software. However, there were two security fixes to address a couple recently released Mozilla Foundation Security Advisories (MFSA): MFSA 2015-44 Critical: Certificate verification bypass through the HTTP/2 Alt-Svc header [Firefox 37 Desktop] MFSA 2015-43 High: Loading privileged content through Reader mode [Firefox 37 Android/Firefox 38 Beta (Desktop)] The now disabled HTTP/2 Alt-Svc header aka Opportunistic Encryption For Firefox was introduced in the Firefox 37 from earlier in the week. There has been several security issues/breaches…