You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2013-20

Mozilla Foundation Security Advisory 2013-20

Title: Mis-issued TURKTRUST certificates
Impact: Critical
Announced: January 8, 2013
Reporter: Google
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 18.0
  Firefox ESR 10.0.12
  Firefox ESR 17.0.2
  Thunderbird 17.0.2
  Thunderbird ESR 10.0.12
  Thunderbird ESR 17.0.2
  SeaMonkey 2.15

Description

Google reported to Mozilla that TURKTRUST, a certificate authority in Mozilla’s root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates.

References