You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2009-48
Mozilla Foundation Security Advisory 2009-48
Title: Insufficient warning for PKCS11 module installation and removal
Impact: Moderate
Announced: September 9, 2009
Reporter: Jesse Ruderman, Dan Kaminsky
Products: Firefox
Fixed in: Firefox 3.0.14
Description
Mozilla security researcher Jesse Ruderman reported
that when security modules were added or removed
via pkcs11.addmodule
or pkcs11.deletemodule
,
the resulting dialog was not sufficiently informative. Without
sufficient warning, an attacker could entice a victim to install a
malicious PKCS11 module and affect the cryptographic integrity of the
victim's browser.
Security researcher Dan Kaminsky reported that
this issue had not been fixed in Firefox 3.0 and that under certain
circumstances pkcs11
modules could be installed from a
remote location.
Firefox 3.5 releases are not affected.