In response to the news that hundreds of web site SSL certificates were hacked from (fraudulently issed by) DigiNotar, the Mozilla foundation taken drastic action: permanently blocking all DigiNotar certificates in the latest version(s) of Firefox.
So, what does that have to do with site redirection?
My guess is that a hacked certificate has been discovered for mozilla.com. This morning I found that attempts to browse the site mozilla.com are being redirected to mozilla.org. Even the beloved What’s New page, redirects to mozilla.org.
So, back to the versions of Firefox that revoke the DigiNotar certificates: So far, I’ve found updated versions for Firefox 6 (6.0.2) and Firefox 3.6 (3.6.22). I tested Firefox 6.0.2 on the URL https://www.diginotar.com/, and it does block the SSL connection attempt with a message that the “Peer’s Certificate has been revoked.”
As of the time of this writing, the redirected page http://www.mozilla.org/en-US/firefox/fx/ is still offering Firefox 6.0.1 for download, however: if you hack the download URL, you it will deliver version 6.0.2!
I’ve updated my directions for building and installing the latest Firefox on Slackware64 13.37 to reflect the shiny new (as-of-yet-unreleased) version.
Considering the fraudulent SSL certificates along with recent DNS hacks in the news, the web feels a little less safe today.