Open
Bug 1106390
Opened 10 years ago
Updated 2 years ago
signing certificate bind email mistake
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
UNCONFIRMED
People
(Reporter: wosign, Unassigned)
Details
Attachments
(1 file)
136.99 KB,
image/jpeg
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0 Build ID: 20141120192249 Steps to reproduce: I have two certs imported in Thunderbird, one for A email, one for B email. Actual results: I choose the cert for A email to B email account for signing, it don't have warning. And even it can send the signing email to others. the interesting thing is after checking the signing email, it can find the dis-match problem, see attached picture 2. Expected results: the cert for A email address should only used for A email signing and encryption, can't use for B email address since the cert bind email account in subject. you should read out the cert bind the email address when selecting a cert for signing and encryption. Currently, no any check that can select any cert for the email address.
Updated•9 years ago
|
Component: Untriaged → Security
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•