Full Report
Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company's root certificates. [...]
Analysis Summary
# Vulnerability: Firefox Root Certificate Expiration Issue
## CVE Details
- CVE ID: Not explicitly provided in the text. This is a known, time-based operational failure rather than a traditional security vulnerability exploitable by adversaries in the context described.
- CVSS Score: N/A (Time-based operational failure/deprecation issue)
- CWE: N/A
## Affected Systems
- Products: Mozilla Firefox, Firefox-based browsers (e.g., Tor, LibreWolf, Waterfox)
- Versions: Versions older than Firefox 128 (or ESR 115).
- Configurations: All platforms are affected, including Windows, Android, Linux, and macOS. iOS is excluded because it manages root certificates independently.
## Vulnerability Description
The primary issue is the expiration of a critical root certificate used by Mozilla Firefox. Versions older than **Firefox 128** (or ESR 115) will fail to recognize the updated, trusted certificates. This leads to significant security and functionality degradation, including the inability to use add-ons, possible failure of password alerts, and acceptance of untrusted or fraudulent websites without warnings.
## Exploitation
- Status: This is primarily an operational and trust failure rather than an adversarial exploit, though it lowers the security posture significantly.
- Complexity: N/A (Operationally forced failure)
- Attack Vector: N/A (Self-imposed expiration)
## Impact
- Confidentiality: High (Risk from connecting to fraudulent sites; potential bypass of security protections by malicious add-ons).
- Integrity: High (Risk from connecting to fraudulent sites; inability to trust site authenticity).
- Availability: Medium (Potential failure of add-on functionality and general browsing difficulty due to security errors).
## Remediation
### Patches
- Users must update to **Firefox version 128 or later**. (Checking **Menu** > **Help** > **About Firefox** will trigger an automatic update check.)
- Users relying on derived browsers (Tor, LibreWolf, Waterfox) must ensure they are based on Firefox 128 or later.
### Workarounds
- Users *may* continue using older versions by manually accepting the security risks when prompted, but this severely impacts functionality and security. This is strongly discouraged by Mozilla.
## Detection
- Detection: Users can check their version via **Menu** > **Help** > **About Firefox**. If the version is below 128, they are impacted.
- Detection Methods and Tools: N/A (This is related to internal application trust store maintenance.)
## References
- Vendor advisories: Mozilla support document regarding root certificate expiration (https://support.mozilla.org/en-US/kb/root-certificate-expiration)
- Support thread: https://support.mozilla.org/en-US/questions/1468274