Closed Bug 1367614 Opened 8 years ago Closed 8 years ago

Firefox incorrectly connects to site with invalid SCT.

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
55 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: WdFCRTsSDyWZ, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:55.0) Gecko/20100101 Firefox/55.0 Build ID: 20170523030206 Steps to reproduce: Point Firefox to site: https://invalid-expected-sct.badssl.com/ Actual results: Firefox connects. Expected results: Firefox should have refused to connect because the SCT (Signed Certificate Timestamp) is invalid.
Component: Untriaged → Security: PSM
Product: Firefox → Core
Firefox has not shipped support for CT yet.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.