Closed Bug 1367614 Opened 7 years ago Closed 7 years ago

Firefox incorrectly connects to site with invalid SCT.

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
55 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: WdFCRTsSDyWZ, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:55.0) Gecko/20100101 Firefox/55.0
Build ID: 20170523030206

Steps to reproduce:

Point Firefox to site: https://invalid-expected-sct.badssl.com/


Actual results:

Firefox connects.


Expected results:

Firefox should have refused to connect because the SCT  (Signed Certificate Timestamp) is invalid.
Component: Untriaged → Security: PSM
Product: Firefox → Core
Firefox has not shipped support for CT yet.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.