On 24.02.2015 13:10, Juergen Christoffel wrote:
On 23.02.15 22:39, John Nagle wrote:
With the Lenovo and Comodo disclosures, the restrictions
on loading new certificates into Firefox clients need to be tightened.
The MITM-Ad/Malware installed via the Windows Certificate Store and not
into browsers, so I cannot follow your conclusion.
Lenovo is not only offering removal-instructions for the Windows
Certficiate Store[1], but also for Mozilla-products[2].
So apparently Superfish is or was installing its certificate into
browsers[3].
[1] http://support.lenovo.com/us/en/product_security/superfish_uninstall#ie
[2]
http://support.lenovo.com/us/en/product_security/superfish_uninstall#firefox
[3] http://blog.erratasec.com/2015/02/some-notes-on-superfish.html ;
second image under "How to uninstall the software?"
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
