“The NSA discovered an error in the Microsoft code that verifies those signatures, potentially enabling a hacker to forge the signature”https://www.washingtonpost.com/national-security/nsa-found-a-dangerous-microsoft-software-flaw-and-alerted-the-firm--rather-than-weaponize-it/2020/01/14/f024c926-3679-11ea-bb7b-265f4554af6d_story.html …
-
-
I'm seeing Mozilla source that indications they use the "CertGetCertificateChain" function https://github.com/mozilla/gecko-dev/search?q=certgetcertificatechain&unscoped_q=certgetcertificatechain …
-
Indeed, but only for the optional (not on by default) enterprise root support feature. https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox …
End of conversation
New conversation -
-
-
Thanks for the details. Obviously one should just patch right away, but it is interesting to know that if you need to use a web browser before you do patch, Firefox is the only safe choice. (You would need to already have it installed though
.)Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.