Mozilla has reported the issuance of at least one fraudulent SSL certificate for public websites belonging to Google, Inc. Reference: https://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
MFSA 2011-34 corrects this in Firefox 6.0.1, Firefox 3.6.21, Thunderbird 6.0.1, Thunderbird 3.1.13, and SeaMonkey 2.3.2: http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
*** Bug 734846 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5. Via RHSA-2011:1243: https://rhn.redhat.com/errata/RHSA-2011-1243.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6. Via RHSA-2011:1242: https://rhn.redhat.com/errata/RHSA-2011-1242.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 4. Via RHSA-2011:1244: https://rhn.redhat.com/errata/RHSA-2011-1244.html
This severe issue has not been addressed at all in Fedora (14, 15, 16). As a minimum, a security advisory is in place, instructing users to manually remove Diginotar certificates. E.g. (some dumbed-down guide): http://www.linuxbsdos.com/2011/09/04/how-to-delete-diginotar-ca-certificate-from-firefox/
See bug #734679. I consider this bug as very urgent. Fraudulent certificates have been released for Google, Twitter, Yahoo, and possibly Dutch government sites.
Oron, Jan, we are waiting for upstream to release fixed packages for Mozilla products. Once they do, we will release them for Fedora.
This issue has been addressed in the following products: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 6. Via RHSA-2011:1282: https://rhn.redhat.com/errata/RHSA-2011-1282.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5.6 EUS - Server Only. Via RHSA-2012:0532: https://rhn.redhat.com/errata/RHSA-2012-0532.html