Closed Bug 1244620 Opened 9 years ago Closed 9 years ago

Bogus certificate in Firefox impossible to delete

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
44 Branch
Platform:
x86_64
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 950538

People

(Reporter: amazighsoul, Unassigned)

Details

Attachments

(1 file)

bogus certificate in FF impossible to remove
84.46 KB, image/png
Details
Bogus certificate most likely injected into Firefox by a security suite (Kaspersky Total Security 16.0.0.614) that installs also an unsigned extension are impossible to remove even after removing this extension. I did a fresh install after removing the existing version, didn't bring the extension but it still have the bogus certificate that make Firefox unable to connect to many websites when the security suite is running. Firefox is connecting normally to all the disabled websites with the correct certificate but still can't delete those bogus certificate even in this case. those certificate are just shown in Firefox, many other browsers are working fine with the correct certificate (not the one imposed by the security suite). this certificate aren't present in windows certificate manager. This certificates make FF unsafe for it's users and put their privacy at risk.
What happens when you click the "Delete" button in the dialog in your screenshot? That is, what do you mean by "can't delete" ?
Group: firefox-core-security → core-security
Component: Security → Security: PSM
Flags: needinfo?(amazighsoul)
Product: Firefox → Core
This is an artifact of how blocking specific certificates used to work (these were blocked as a result of an attack against a Comodo partner - see bug 642815 and bug 642395). I believe this would be fixed if we implemented bug 829677.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
(In reply to :Gijs Kruitbosch from comment #1) > What happens when you click the "Delete" button in the dialog in your > screenshot? That is, what do you mean by "can't delete" ? they are not anymore shown, for the session, in the FF certificate manager however FF still can't establish a secure connexion to some website or authenticate those website using their respective certificate even if the Kaspersky root certificate is disabled in the windows certificate manager. The bogus certificate comeback the next time FF is launched.
Flags: needinfo?(amazighsoul)
Group: core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: