Last week, multiple browser vendors issued updates in response to the exploit of the DigiNotar SSL certificate authority (CA) .
As it turns out, those updates didn’t go far enough as the exploit of DigiNotar is worse than initial reports indicated. Mozilla has issued Firefox 6.0.2 as their second patch to help protected their browser users against the risk of fraudulent DigiNotar SSL certificates.
“The main change is to add explicit distrust to the DigiNotar root certificate and several intermediates,” Mozilla stated in its advisory. “Removing the root as in our previous fix meant the certificates could be considered valid if cross-signed by another Certificate Authority.”