A security vulnerability has been identified in the Mozilla Firefox and Thunderbird software packages that a malicious user can exploit to carry out a MITM (man-in-the-middle) attack.
Package:
Firefox 3.x, Thunderbird 3.x
Operating systems:
Mandriva Linux 2009.0, Mandriva Linux 2010.1, Mandriva Linux Enterprise Server 5.0
Problem:
improper file handling
Exploitation:
local/remote
Impact:
disclosure of sensitive information
Solution:
vendor patch
Original advisory ID:
MDVSA-2011:129
Source:
Mandriva
Problem:
Based on the publication of several invalid SSL certificates by the DigiNotar Certificate Authority, it was discovered that this authority has been compromised.
Impact:
The vulnerability allows an attacker to carry out a MITM (man-in-the-middle) attack and thereby disclose potentially sensitive data.
Solution:
Users are advised to install the fixed versions.
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:129
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla
Date : September 3, 2011
Affected: 2009.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Security issues were identified and fixed in mozilla firefox and
thunderbird:
Google Chrome user alibo encountered an active man in the middle (MITM)
attack on secure SSL connections to Google servers. The fraudulent
certificate was mis-issued by DigiNotar, a Dutch Certificate
Authority. DigiNotar has reported evidence that other fraudulent
certificates were issued and in active use but the full extent of
the compromise is not known.
For the protection of our users Mozilla has removed the DigiNotar
root certificate. Sites using certificates issued by DigiNotar will
need to seek another certificate vendor.
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally, some packages which require so, have been rebuilt and
are being provided as updates.
_______________________________________________________________________
References:
http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
_______________________________________________________________________