Extended Validation, or EV certificates, are supported by all current Web browsers, which display a special icon or shade the address bar when the user surfs to a site secured by one. Microsoft's own , for instance, turns the entire address bar green when it encounters a site secured by an EV certificate, while 's tints part of its address bar the same color.

Although Microsoft didn't offer any specific steps for users to take to protect themselves in light of today's disclosures, it urged them to keep Windows updated with the latest software patches.

Microsoft wasn't the only company that responded to the news about the exploit of the MD5 bug. Earlier today, that the MD5 algorithm could be hacked and that phony digital certificates could be created as a result.

"This is not an attack on a Mozilla product, but we are nevertheless working with affected certificate authorities to ensure that their issuing processes are updated to prevent this threat," Johnathan Nightingale, a Mozilla spokesman on security issues, wrote in an entry posted on the company's blog. Like Microsoft's advisory, Nightingale's warning also said that Mozilla hadn't seen any evidence of actual attacks.

Even so, Nightingale recommended that Firefox users remain watchful. "We advise users to exercise caution when interacting with sites that require sensitive information, particularly when using public Internet connections," he wrote.