You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It was found that Balrog does not verify the whole certificate chain on macOS. This
allows attackers to supply a self-signed leaf certificate, effectively indicating a bypass of
Balrog. This could be abused by state-funded attackers who are in charge of a trusted
valid certificate authority. They could perform a Man-in-the-Middle attack and replace the
binary code provided by the Mozilla VPN update with malicious malware.
It was found that Balrog does not verify the whole certificate chain on macOS. This
allows attackers to supply a self-signed leaf certificate, effectively indicating a bypass of
Balrog. This could be abused by state-funded attackers who are in charge of a trusted
valid certificate authority. They could perform a Man-in-the-Middle attack and replace the
binary code provided by the Mozilla VPN update with malicious malware.
┆Issue is synchronized with this Jira Task
The text was updated successfully, but these errors were encountered: