New Versions of Chrome and Firefox Disable DigiNotar Root

Type threatpost
Reporter Dennis Fisher
Modified 2013-04-17T16:33:53


Mozilla has released version 6.01 of its Firefox browser, which now removes the compromised DigiNotar root certificate from the list of trusted roots. The move comes just two days after security researchers discovered that the Dutch company had issued a valid wildcard certificate for Google to an unknown third party.

Within hours of the discovery, Mozilla officials released a statement saying that they planned to push an update for Firefox soon that would remove DigiNotar from Firefox’s trusted root certificate list. On Tuesday, Google released a new version of Chrome that disables DigiNotar trust in the browser. Microsoft also has removed DigiNotar from the list of trusted roots that Internet Explorer uses.

“Users on a compromised network could be directed to sites using a fraudulent certificate and mistake them for the legitimate sites. This could deceive them into revealing personal information such as usernames and passwords. It may also deceive users into downloading malware if they believe it’s coming from a trusted site. We have received reports of these certificates being used in the wild,” Mozilla security officials said in a blog post on Monday.

Firefox users who have automatic updates enabled should get the new version of the browser soon. To download it manually, click on the Firefox button, then Help, then About Firefox and click on Check for Updates. Users who can’t or don’t want to upgrade right away can remove the DigiNotar root from their browsers by clicking on Options, then Advanced, then Encryption and then selecting the View Certificates option. Then scroll down to the DigiNotar root CA, click on it and then click on Delete or Distrust.

In addition to disabling trust for the DigiNotar root, Google also has blacklisted in Chromium nearly 250 certificates issued by the company.