|Type||Certificate verification bypass|
Due to flaws in the process used to update "Preloaded Public Key Pinning", the pinning for add-on updates became ineffective in early September. An attacker who was able to get a mis-issued certificate for a Mozilla web site could send malicious add-on updates to users on networks controlled by the attacker. Users who have not installed any add-ons are not affected.
|22 Sep 2016||ASA-201609-22||AVG-24||firefox||Critical||multiple issues|