Firefox on Windows is still signed with sha1.

NEW
Unassigned

Status

()

Firefox
Build Config
6 months ago
6 months ago

People

(Reporter: 98.michael.hardy, Unassigned)

Tracking

51 Branch
Unspecified
Windows
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

6 months ago
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0
Build ID: 20170125094131

Steps to reproduce:

I checked the digital signatures for firefox.exe using windows explorer's file properties viewer.  


Actual results:

It said that the digest algorithm used to sign Firefox was sha1.  


Expected results:

It should be signed with sha2 or 3 (although this may break Windows XP compatibility).
(Reporter)

Updated

6 months ago
OS: Unspecified → Windows

Updated

6 months ago
Component: Activity Streams: General → Untriaged
Hi Michael, 

Thanks for reporting this, however it is already being take care of in bug 1339662. The Beta channel should already have dropped SHA-1 (bug 1338228).
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 months ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1339662

Comment 2

6 months ago
I don't think this is actually a duplicate; bug 1339662 and similar bugs are about deprecating SHA-1 in the public Web PKI, it wouldn't affect the build process.
Status: RESOLVED → REOPENED
Component: Untriaged → Build Config
Ever confirmed: true
Resolution: DUPLICATE → ---
Status: REOPENED → NEW
You need to log in before you can comment on or make changes to this bug.