Firefox incorrectly connects to site with invalid SCT.

RESOLVED INVALID

Status

()

RESOLVED INVALID
a year ago
a year ago

People

(Reporter: WdFCRTsSDyWZ, Unassigned)

Tracking

55 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

a year ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:55.0) Gecko/20100101 Firefox/55.0
Build ID: 20170523030206

Steps to reproduce:

Point Firefox to site: https://invalid-expected-sct.badssl.com/


Actual results:

Firefox connects.


Expected results:

Firefox should have refused to connect because the SCT  (Signed Certificate Timestamp) is invalid.

Updated

a year ago
Component: Untriaged → Security: PSM
Product: Firefox → Core
Firefox has not shipped support for CT yet.
Status: UNCONFIRMED → RESOLVED
Last Resolved: a year ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.