A newly discovered critical vulnerability in the Mozilla Network Security Services (NSS) cryptographic library can be abused to create forged RSA certificates. Users on a compromised network could be directed to sites using a fraudulent certificate and mistake them for legitimate sites. This could be used by attackers to trick victims into revealing personal information (like usernames and passwords) or downloading malware. Mozilla has released updates to fix the issue; Google has already issued an update for Chrome. The CERT Coordination Center at Carnegie Mellon University also released an advisory on the issue.”]