Mozilla issued an update for Firefox 3.5.2 and 3.0.13 that squashes four critical security bugs in the popular open-source browser, including one that could make it easy for attackers to spoof SSL certificates used to secure websites. The vulnerability meant Firefox could be tricked by rogue certificates, a potentially dangerous scenario that could allow attackers to create convincing-looking forgeries of websites used for banking, email and other sensitive services. The technique works by adding a simple null string character to several certificate fields and was independently reported at the Black Hat security conference by researchers Moxie Marlinspike and Dan Kaminsky.