This announcement is related to the same underlying issue as reported in http://blog.mozilla.com/security/2011/03/22/firefox-blocking-fraudulent-certificates/
While the above mentioned hotfix was made at the Mozilla client application level, we would like to provide a hotfix at the NSS level, too.
We have created an updated "builtin certificates" module (ckbi) that includes the fraudulent SSL certificates, and marks them as explicitly not trusted. (The addbuiltin tool was updated, for that purpose, too.)
When attempting to verify one of the fraudulent certificates, NSS will report SEC_ERROR_UNTRUSTED_CERT (this is an pre-existing error code).
We've combined this updated module with the most recently released stable version of NSS 3.12.9
The cvs tag is: NSS_3_12_9_WITH_CKBI_1_82_RTM A source archive has been uploaded to ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_9_WITH_CKBI_1_82_RTM Kai -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
