Mozilla developer John G. Myers reported a weakness in the trust model used by Mozilla regarding alternate names on self-signed certificates. A user could be prompted to accept a self-signed certificate from a website which includes alt-name entries. If the user accepted the certificate, they would also extend trust to any alternate domains listed in the certificate, despite not being prompted about the additional domains. This technique could be used by an attacker to impersonate another server.
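The weakness described above, sketched as an added example that is not part of the original report and is not Mozilla's code or its fix: it lists the alternate names a self-signed certificate claims beyond the host the user was prompted about, and scopes the trust exception to that host. The certificate dictionary follows the layout returned by Python's `ssl.SSLSocket.getpeercert()`; the function names, `ExceptionStore`, the sample certificate and the fingerprint value are all constructed for illustration.

```python
# Added illustration: host-scoped trust exception for a self-signed certificate.
# Certificate dicts use the layout of Python's ssl.SSLSocket.getpeercert().

def dns_names(cert):
    """Return the lower-cased DNS entries of the subjectAltName extension."""
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def is_self_signed(cert):
    """Heuristic: subject and issuer names are identical (signature not checked)."""
    return cert.get("subject") == cert.get("issuer")

def name_matches(pattern, host):
    """Exact match, or a left-most '*' label covering exactly one label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def unprompted_names(cert, prompted_host):
    """Alt names the certificate claims that the user was never asked about."""
    return [n for n in dns_names(cert) if not name_matches(n, prompted_host)]

class ExceptionStore:
    """Trust overrides keyed by (host, fingerprint), never by certificate alone."""
    def __init__(self):
        self._allowed = set()

    def accept(self, host, fingerprint):
        self._allowed.add((host.lower(), fingerprint))

    def is_trusted(self, host, fingerprint):
        return (host.lower(), fingerprint) in self._allowed

# Constructed sample: a self-signed certificate for one site that also lists another domain.
SAMPLE_CERT = {
    "subject": ((("commonName", "blog.example.test"),),),
    "issuer": ((("commonName", "blog.example.test"),),),
    "subjectAltName": (("DNS", "blog.example.test"), ("DNS", "bank.example.net")),
}
SAMPLE_FP = "constructed-fingerprint-placeholder"

if __name__ == "__main__":
    print("self-signed:", is_self_signed(SAMPLE_CERT))
    print("not shown to user:", unprompted_names(SAMPLE_CERT, "blog.example.test"))
    store = ExceptionStore()
    store.accept("blog.example.test", SAMPLE_FP)
    print("bank trusted:", store.is_trusted("bank.example.net", SAMPLE_FP))
```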
This will be MFSA 2008-31
This is now public: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
devhelp-0.16.1-8.fc8, gtkmozembedmm-1.4.2.cvs20060817-21.fc8, yelp-2.20.0-10.fc8, gnome-web-photo-0.3-11.fc8, kazehakase-0.5.4-2.fc8.2, blam-1.8.3-16.fc8, epiphany-2.20.3-5.fc8, liferea-1.4.15-2.fc8, epiphany-extensions-2.20.1-8.fc8, galeon-2.0.4-3.fc8.3, openvrml-0.17.6-3.fc8, chmsee-1.0.0-2.31.fc8, ruby-gnome2-0.17.0-0.2.rc1.fc8, firefox-2.0.0.15-1.fc8, gnome-python2-extras-2.19.1-15.fc8, Miro-1.2.3-2.fc8 have been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
seamonkey-1.1.10-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
seamonkey-1.1.10-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
thunderbird-2.0.0.16-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
thunderbird-2.0.0.16-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This was addressed via:
Red Hat Enterprise Linux version 2.1 (seamonkey) RHSA-2008:0547
Red Hat Enterprise Linux version 3 (seamonkey) RHSA-2008:0547
Red Hat Enterprise Linux version 4 (seamonkey) RHSA-2008:0547
Red Hat Enterprise Linux version 4 (firefox) RHSA-2008:0549
Red Hat Enterprise Linux version 5 (firefox) RHSA-2008:0569
Red Hat Enterprise Linux version 4 (thunderbird) RHSA-2008:0616
Red Hat Enterprise Linux Desktop version 5 (thunderbird) RHSA-2008:0616
RHEL Optional Productivity Applications version 5 (thunderbird) RHSA-2008:0616