Open Bug 1106390 Opened 10 years ago Updated 2 years ago

signing certificate bind email mistake

Categories

(Thunderbird :: Security, defect)

34 Branch
x86_64
Windows 8.1
defect

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: wosign, Unassigned)

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
Build ID: 20141120192249

Steps to reproduce:

I have two certs imported in Thunderbird, one for A email, one for B email. 


Actual results:

I chose the cert for email A for signing on the email B account, and there was no warning. It can even send the signed email to others.
The interesting thing is that after checking the signed email, it can find the mismatch problem; see attached picture 2.



Expected results:

The cert for email address A should only be used for signing and encryption for email A; it can't be used for email address B, since the cert binds the email account in its subject.

You should read out the email address the cert is bound to when selecting a cert for signing and encryption. Currently, there is no check at all, so any cert can be selected for the email address.
Component: Untriaged → Security
Severity: normal → S3
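
The check requested in this report, sketched as an added example (not Thunderbird code, and not written by the reporter): before a certificate is offered for signing or encryption on an account, compare the account address with the addresses the certificate is bound to. The certificate records, their field names (`nickname`, `subjectEmail`, `sanEmails`) and the function names are hypothetical, the sample data is constructed, and whole-address case-insensitive matching is an assumption.

```javascript
// Added example: certificate records are constructed, not parsed from
// real certificates. Field and function names are hypothetical.

// Normalise an address for comparison. Assumption: the whole address is
// compared case-insensitively (strictly, only the domain part is).
function normalizeEmail(addr) {
  return String(addr).trim().toLowerCase();
}

// Collect every address a certificate is bound to: the subject
// emailAddress attribute plus rfc822Name entries in subjectAltName.
function boundEmails(cert) {
  const all = [cert.subjectEmail, ...(cert.sanEmails || [])].filter(Boolean);
  return new Set(all.map(normalizeEmail));
}

// Split the certificate store into certs usable for this account and
// certs the picker should refuse (or at least warn about).
function partitionCertsForAccount(accountEmail, certs) {
  const wanted = normalizeEmail(accountEmail);
  const usable = [];
  const mismatched = [];
  for (const cert of certs) {
    const emails = boundEmails(cert);
    if (emails.has(wanted)) {
      usable.push(cert.nickname);
    } else {
      const bound = [...emails].join(", ") || "no email address";
      mismatched.push({
        nickname: cert.nickname,
        warning: `Certificate is bound to ${bound}, not ${wanted}`,
      });
    }
  }
  return { usable, mismatched };
}

// Constructed sample store: one cert for account A, one for account B,
// and one with no email binding at all.
const sampleCerts = [
  { nickname: "cert-A", subjectEmail: "a@example.com", sanEmails: ["A@Example.com"] },
  { nickname: "cert-B", subjectEmail: null, sanEmails: ["b@example.com"] },
  { nickname: "cert-none", subjectEmail: null, sanEmails: [] },
];

// Choosing a signing cert for account B: only cert-B qualifies.
const resultForB = partitionCertsForAccount("B@example.com", sampleCerts);
console.log(JSON.stringify(resultForB, null, 2));
```
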