[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Firefox 3.6 for Windows includes a forged CA cert

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Firefox 3.6 for Windows includes a forged CA cert
From: Francis Litterio <flitterio@xxxxxxxxx>
Date: Fri, 19 Mar 2010 20:22:16 +0000 (UTC)

In Firefox 3.6 for Windows, go to Tools -> Options -> Advanced -> Encryption ->
View Certificates -> Authorities and scroll down to the entry for "Equifax
Secure Inc." and you'll see a cert labeled "MD5 Collisions Inc
(http://www.phreedom.org/md5)" grouped with the other Equifax certs.

Yes, it's expired, so it poses no real threat, but why is the Mozilla Project
shipping Firefox with that cert?  It just causes FUD.
--
Fran

Follow-Ups:
- Re: Firefox 3.6 for Windows includes a forged CA cert
  - From: dveditz
- Re: Firefox 3.6 for Windows includes a forged CA cert
  - From: Mike Duncan
- Re: Firefox 3.6 for Windows includes a forged CA cert
  - From: Marcus Meissner

Prev by Date: Aris AGX agXchange ESM Open Redirection Vulnerability
Next by Date: IBM Lotus 6.x names.nsf Cross Site Scripting Vulnerability
Previous by thread: Aris AGX agXchange ESM Open Redirection Vulnerability
Next by thread: Re: Firefox 3.6 for Windows includes a forged CA cert
Index(es):
- Date
- Thread