Web browserThe Intel Security Advanced Threat Research Team has today discovered a critical vulnerability in the Mozilla Network Security Services (NSS) crypto library.

This library is commonly utilized in the popular Firefox web browser, but can also be found in other Mozilla products such as Thunderbird and Seamonkey—as well as Google Chrome.

A crypto library is largely what it sounds like. It’s a collection of cryptographic algorithms used for a variety of Internet standards.

Dubbed BERserk, the vulnerability in the Mozilla NSS library allows for attackers to forge RSA signatures. RSA is a method of encryption that helps ensure that your data is transmitted securely across the Web.

If you see a website marked with “https://,” for example, you’re accustomed to thinking that website is secure. It appears that with the discovery of BERserk, however, that may not always be the correct line of thinking.

If hackers can bypass authentication on websites utilizing Secure Sockets Layer (SSL)/Transport Layer Security(TLS), the cryptography responsible for that “https://” we’re used to seeing, sites that we perceive as secure might not be so secure after all. This means that if you’re shopping or banking on a website that uses SSL (or “https://”), your personal information could be exposed.

Firefox has issued a patch to correct for this vulnerability. If you’re a user of Firefox, you should take immediate action by updating your browser with the latest patches from Mozilla. As Google also utilizes the crypto library in question, users of Google Chrome and Chrome OS would be wise to install updates as well.

Source: McAfee