Possible to send encrypted mail using untrusted recipient certs



MailNews Core
Security: S/MIME
16 years ago
9 years ago


(Reporter: kaie, Assigned: kaie)


1.0 Branch

Firefox Tracking Flags

(Not tracked)


(Whiteboard: [adt1 rtm] [ETA 06/18])


(1 attachment)

1.47 KB, patch
Javier Delgadillo
: review+
Scott MacGregor
: superreview+
Judson Valeski
: approval+
Details | Diff | Splinter Review


16 years ago
Make sure you have a cert from someone else.
Edit the trust of the CA that signed the cert.
Compose a message to that person, choose "encrypted".
Open the "message security" info. You'll see that the dialog says "not trusted"
for the recipient cert.
Send the message.

Actual behaviour: Sending works.

Expected behaviour: Sending is blocked and an error message about the non
trusted cert is shown.


16 years ago
QA Contact: alam → carosendahl

Comment 1

16 years ago
This seems serious enough to warrant fixing by RTM.
Priority: -- → P1
Target Milestone: --- → 2.2

Comment 2

16 years ago
taking, raising priority
Assignee: ssaux → kaie
Keywords: nsbeta1+
Whiteboard: [adt2 rtm]
Target Milestone: 2.2 → 2.3

Comment 3

16 years ago
Stephane, Charles, today I said in our meeting, for fixing this bug we probably
need a new error message, but I do no longer think so. We can use the same error
message that is shown when there are no certs found at all, because that message
includes the information to check for valid recipient certs.

Comment 4

16 years ago
changed to ADT1 as this is a security hole.
Severity: normal → major
Whiteboard: [adt2 rtm] → [adt1 rtm]
Version: unspecified → 2.3

Comment 5

16 years ago
Created attachment 86793 [details] [diff] [review]
Suggested Fix

Comment 6

16 years ago
Comment on attachment 86793 [details] [diff] [review]
Suggested Fix

Attachment #86793 - Flags: review+

Comment 7

16 years ago
Other than manually editing the cert, how does one get into this situation?  Is
there any way that an attacker can cause this situation remotely?

This looks like a good patch to take since the code used to only require the
existence of the cert and now requires it to also be a good cert.

Comment 8

16 years ago
> Other than manually editing the cert, how does one get into this situation?

A certificate can become invalid if it expires or if it gets revoked, and the
deployment uses "Certificate Revocation Lists". The application should not allow
to use revoked certificates.

I recommend to take the patch for the branch.

Comment 9

16 years ago
Comment on attachment 86793 [details] [diff] [review]
Suggested Fix

Attachment #86793 - Flags: superreview+

Comment 10

16 years ago
Checked in to trunk.
Keywords: adt1.0.1


16 years ago
Keywords: mozilla1.0.1

Comment 11

16 years ago
Checked into trunk
Last Resolved: 16 years ago
Resolution: --- → FIXED

Comment 12

16 years ago
Verified on 20020614 Trunk Builds.  Mark fixed1.0.1 when on the branch.

Also, when will the counterpart to this fix, bug 136445 be in?  Currently, If
the CA is not in the trusted list, a user cert will not verify and will not
therefore get added to the other people's tab.  I'll add further comments to bug

Comment 13

16 years ago
adt1.0.1+ (on ADT's behalf) approavl for checkin to the 1.0 branch, pending
Drivers' approval. pls check this in asap, then add the "fixed1.0.1" keyword.
Keywords: approval
Whiteboard: [adt1 rtm] → [adt1 rtm] [ETA 06/18]


16 years ago
Keywords: adt1.0.1 → adt1.0.1+


16 years ago
Attachment #86793 - Flags: approval+

Comment 14

16 years ago
please checkin to the 1.0.1 branch. once there, remove the "mozilla1.0.1+"
keyword and add the "fixed1.0.1" keyword.
Keywords: mozilla1.0.1 → mozilla1.0.1+

Comment 15

16 years ago
Checked in to 1_0 branch.
Keywords: adt1.0.1+, mozilla1.0.1+ → fixed1.0.1

Comment 16

16 years ago
Verified on the 20020620 branch builds.
Keywords: fixed1.0.1 → verified1.0.1


13 years ago
Component: Security: S/MIME → Security: S/MIME
Product: PSM → Core


10 years ago
Version: psm2.3 → 1.0 Branch


9 years ago
Component: Security: S/MIME → Security: S/MIME
Product: Core → MailNews Core
QA Contact: carosendahl → s.mime
You need to log in before you can comment on or make changes to this bug.