version 1.5
Doesn't that date from the 90's ??
A pair of Intel security researchers will tomorrow delve into a class of dangerous vulnerabilities they found last month that allowed forged RSA certificates to be created by abusing the Mozilla Network Security Services (NSS) cryptographic library. Attendees at a Buenos Aires event will be walked through the fine points of …
So ... there's a bug in NSS ... and it's already been patched. There's no need to make it sound as though there's anything wrong with the standard that that part of NSS implements (which there isn't).
It's good to have a heads-up about this, but it would be much more interesting to know HOW the explot works, and why NSS's less-than-rigorous parsing of ASN.1 leads to a vulnerability in the first place.