Bugtraq mailing list archives
Re: Firefox 3.6 for Windows includes a forged CA cert
From: Marcus Meissner <meissner () suse de>
Date: Tue, 23 Mar 2010 10:16:06 +0100
On Fri, Mar 19, 2010 at 08:22:16PM +0000, Francis Litterio wrote:
In Firefox 3.6 for Windows, go to Tools -> Options -> Advanced -> Encryption -> View Certificates -> Authorities and scroll down to the entry for "Equifax Secure Inc." and you'll see a cert labeled "MD5 Collisions Inc (http://www.phreedom.org/md5)" grouped with the other Equifax certs. Yes, it's expired, so it poses no real threat, but why is the Mozilla Project shipping Firefox with that cert? It just causes FUD.
https://bugzilla.mozilla.org/show_bug.cgi?id=471715 is the associated mozilla bug. seems intentional. Ciao, Marcus
Current thread:
- Firefox 3.6 for Windows includes a forged CA cert Francis Litterio (Mar 22)
- Re: Firefox 3.6 for Windows includes a forged CA cert dveditz (Mar 23)
- Re: Firefox 3.6 for Windows includes a forged CA cert Mike Duncan (Mar 23)
- Re: Firefox 3.6 for Windows includes a forged CA cert Marcus Meissner (Mar 23)
- <Possible follow-ups>
- Re: Firefox 3.6 for Windows includes a forged CA cert adam (Mar 23)