Open Bug 1280905 Opened 8 years ago Updated 2 years ago

Handling downgrade attacks

Tracking

()

Status:

NEW

People

(Reporter: franziskus, Unassigned)

References

Details

(Whiteboard: [domsecurity-backlog3])

Franziskus Kiefer [:franziskus]

Reporter

Description

•

8 years ago

An attacker can force Firefox to accept old, signed remote newtab pages.

This is probably not a problem as long as those pages are safe. But in the case a "malicious"/bad newtab page got signed we have to revoke the certificate.
If we want to have a more general solution to this we would probably have to do something similar to bug 1280877.

Christoph Kerschbaumer [:ckerschb]

Updated

•

8 years ago

Whiteboard: [domsecurity-backlog]

Christoph Kerschbaumer [:ckerschb]

Updated

•

8 years ago

Priority: -- → P3

Christoph Kerschbaumer [:ckerschb]

Updated

•

8 years ago

Whiteboard: [domsecurity-backlog] → [domsecurity-backlog3]

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Handling downgrade attacks

Categories

(Core :: DOM: Security, defect, P3)

Tracking

()

People

(Reporter: franziskus, Unassigned)

References

Details

(Whiteboard: [domsecurity-backlog3])

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated