Clarifying my assumptions with this question: Does comment 9 mean that mozpkix is not vulnerable, and will detect and reject such crafted certificates, when calling GetDefaultCertVerifier()->VerifyCert() ?
Bug 1737470 Comment 28 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Please help me clarify my assumption from comment 27: Does comment 9 mean that mozpkix is not vulnerable, and will detect and reject such crafted certificates, when calling GetDefaultCertVerifier()->VerifyCert() ?