Mozilla aware of SSL flaw in Feb. Advisory issued in August
One of the biggest stories out of last week's Black Hat event was the disclosure that Firefox and other web browsers were at risk from SSL man in the middle attacks. The attacks which were discussed (and reported by) Dan Kaminsky and Moxie Marlinspike involve null wildcards for SSL certificates which tricked the browser into thinking that /o*.attackdomain.realdomain.com was actually a legitimate SSL certificate for realdomain.com
Mozilla published an advisory on the issue on Saturday.
"Users of unfixed versions of Firefox 3.0 who are concerned about the potential for this attack on their network should download the latest Firefox 3.5 from our web site, and on Windows ensure that the installer is signed and that "Mozilla Corporation" is the publisher."