Open
Bug 1280905
Opened 8 years ago
Updated 2 years ago
Handling downgrade attacks
Categories
(Core :: DOM: Security, defect, P3)
Core
DOM: Security
Tracking
()
NEW
People
(Reporter: franziskus, Unassigned)
References
Details
(Whiteboard: [domsecurity-backlog3])
An attacker can force Firefox to accept old, signed remote newtab pages. This is probably not a problem as long as those pages are safe. But in the case a "malicious"/bad newtab page got signed we have to revoke the certificate. If we want to have a more general solution to this we would probably have to do something similar to bug 1280877.
Updated•8 years ago
|
Whiteboard: [domsecurity-backlog]
Updated•8 years ago
|
Priority: -- → P3
Updated•8 years ago
|
Whiteboard: [domsecurity-backlog] → [domsecurity-backlog3]
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•