Mozilla has updated its Firefox browser after fraudulent certificates for SSL-encrypted websites were issued.
Users could mistake fraudulent sites for real websites using HTTPS, and divulge personal information, Mozilla said in a blog post on Tuesday.
"Current versions of Firefox are protected from this attack," said Mozilla, after releasing Firefox 4. "We are still evaluating the possibility of further response to this issue."
The fraudulent certificates were issued in the name of Comodo Group, a certification authority.
Mozilla disclosed that addons.mozilla.org was one of the certificates acquired by the attacker, Tor developer Jacob Appelbaum said in a blog post on Tuesday.
"There is some suspicion that this action was taken by a state level adversary..." said Appelbaum.
Google issued an update for for its Chrome browser, and Microsoft has been informed of the issue, Appelbaum added.