It has emerged that the Mozilla Firefox add-ons web page was affected in the same scam that saw Dutch SSL certificate authority DigiNotar issue fraudulent certificates for various sites including Google.com.
Director of Firefox engineering Johnathan Nightingale responded to V3 in a statement: "DigiNotar informed us that they issued fraudulent certs for addons.mozilla.org in July, and revoked them within a few days of issue.
"In the absence of a full account of mis-issued certificates from DigiNotar, the Mozilla team moved quickly to remove DigiNotar from our root program and protect our users."
DigiNotar parent company Vasco admitted in a release on Tuesday that several certificates were erroneously issued after an "intrusion into its certificate authority infrastructure" on 19 July.
"At that time, an external security audit concluded that all fraudulently issued certificates were revoked," the company added at the time.
"Recently, it was discovered that at least one fraudulent certificate had not been revoked at the time. After being notified by Dutch government organisation Govcert, DigiNotar took immediate action and revoked the [Google.com] fraudulent certificate."
Mozilla did not say whether the hackers managed to use the fraudulent certificates to launch man-in-the-middle attacks on Firefox users before the certificates were revoked.
Google, on the other hand, admitted that such attacks had been attempted mainly against Iranian users using the relevant stolen certificate.
To many, the news of another certificate authority being compromised just months after the Comodo debacle is proof that the current system for authenticating web sites is broken.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago