A flaw in Mozilla’s embedded certificate code might allow web sites to install root certificates on devices without user approval.
