Bugtraq mailing list archives

Re: Firefox 3.6 for Windows includes a forged CA cert

From: Marcus Meissner <meissner () suse de>
Date: Tue, 23 Mar 2010 10:16:06 +0100

On Fri, Mar 19, 2010 at 08:22:16PM +0000, Francis Litterio wrote:

In Firefox 3.6 for Windows, go to Tools -> Options -> Advanced -> Encryption ->
View Certificates -> Authorities and scroll down to the entry for "Equifax
Secure Inc." and you'll see a cert labeled "MD5 Collisions Inc
(http://www.phreedom.org/md5)" grouped with the other Equifax certs.

Yes, it's expired, so it poses no real threat, but why is the Mozilla Project
shipping Firefox with that cert?  It just causes FUD.


https://bugzilla.mozilla.org/show_bug.cgi?id=471715 is the associated mozilla bug.

seems intentional.

Ciao, Marcus

Current thread:

Firefox 3.6 for Windows includes a forged CA cert Francis Litterio (Mar 22)
- Re: Firefox 3.6 for Windows includes a forged CA cert dveditz (Mar 23)
- Re: Firefox 3.6 for Windows includes a forged CA cert Mike Duncan (Mar 23)
- Re: Firefox 3.6 for Windows includes a forged CA cert Marcus Meissner (Mar 23)
- <Possible follow-ups>
- Re: Firefox 3.6 for Windows includes a forged CA cert adam (Mar 23)