BugTraq
Firefox 3.6 for Windows includes a forged CA cert Mar 19 2010 08:22PM
Francis Litterio (flitterio gmail com) (3 replies)
Re: Firefox 3.6 for Windows includes a forged CA cert Mar 23 2010 09:16AM
Marcus Meissner (meissner suse de)
Re: Firefox 3.6 for Windows includes a forged CA cert Mar 22 2010 06:34PM
dveditz cruzio com
> a cert labeled "MD5 Collisions Inc (http://www.phreedom.org/md5)" [...]
> Yes, it's expired, so it poses no real threat, but why is the Mozilla
> Project shipping Firefox with that cert? It just causes FUD.

This is an override for the forged cert, with all trust bits removed. That
way, should the demo cert make it into the wild, users will get a hard
failure rather than an overridable one. We worried that many users are
trained to accept "expired" certs as fairly normal and not notice it was
an expired intermediate rather than the end cert.

For more information please see
https://bugzilla.mozilla.org/show_bug.cgi?id=471715

-Dan Veditz

Re: Firefox 3.6 for Windows includes a forged CA cert Mar 22 2010 05:35PM
Mike Duncan (Mike Duncan noaa gov)


 

Copyright 2010, SecurityFocus