Tim Dierks

**Name of the Vulnerable Software and Affected Versions** Mozilla versions prior to 1.7 Firefox versions prior to 0.9 Thunderbird versions prior to 0.7 **Description** The issue arises from the cert TestHostName function, which only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN). This allows remote attackers to spoof trusted certificates. **Recommendations** For Mozilla versions prior to 1.7, update to version 1.7 or later. For Firefox versions prior to 0.9, update to version 0.9 or later. For Thunderbird versions prior to 0.7, update to version 0.7 or later.