Mozilla Firefox needs patching urgently following the discovery that the open source browser is vulnerable to SSL man-in-the-middle attacks.
The critical bug arises because the parser in the Network Security Services (NSS) libraries built into the browser can be tricked into accepting forged RSA certificate signatures.
Man-in-the-middle attacks create a means for attackers to impersonate a bank or webmail provider, tricking surfers into handing over logon credentials that can be relayed to the genuine organisation.
Normally surfers would be confronted with a warning that the certificate of the site was invalid, but this would not happen in a man-in-the-middle attack that exploits this bug, because the browser accepts the forged signature.