Closed Bug 1496467 Opened 6 years ago Closed 6 years ago

Enable Symantec Distrust in Firefox 64 Beta

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla64

Tracking Flags:

Tracking

Status

relnote-firefox

---

64+

firefox64

---

fixed

People

(Reporter: wthayer, Assigned: jcj)

Details

(Keywords: site-compat)

Attachments

(1 file)

Bug 1496467 - Enable Symantec Distrust in Firefox 64 r?keeler 6 years ago J.C. Jones [:jcj] (he/him) 46 bytes, text/x-phabricator-request		Details \| Review

Wayne Thayer

Reporter

Description

•

6 years ago

In bug 1460062, we defaulted "security.pki.distrust_ca_policy" pref to the value of 2 in Nightly, but prevented the change from riding into 63 Beta or Release. Now we want the change to remain in 64 Nightly and to be made in 64 Beta and Release when they ship.

This should be documented in release notes.

J.C. Jones [:jcj] (he/him)

Assignee

Updated

•

6 years ago

Assignee: nobody → jjones

Status: NEW → ASSIGNED

J.C. Jones [:jcj] (he/him)

Assignee

Comment 1

•

6 years ago

Attached file Bug 1496467 - Enable Symantec Distrust in Firefox 64 r?keeler — Details

The symantec distrust should now ride-the-trains in Firefox 64 Beta and Release.
Set security.pki.distrust_ca_policy to 2.

Pulsebot

Comment 2

•

6 years ago

Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/31e9bd2f1ef7
Enable Symantec Distrust in Firefox 64 r=keeler

Natalia Csoregi [:nataliaCs]

Comment 3

•

6 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/31e9bd2f1ef7

Status: ASSIGNED → RESOLVED

Closed: 6 years ago

status-firefox64: --- → fixed

Resolution: --- → FIXED

Julien Cristau [:jcristau] (back April 22)

Comment 4

•

6 years ago

Release Note Request (optional, but appreciated)
[Why is this notable]: a chunk of TLS certificates get distrusted
[Affects Firefox for Android]: yes
[Suggested wording]: TLS certificates issued by the Symantec certificate authority are no longer trusted by Firefox
[Links (documentation, blog post, etc)]:
https://blog.mozilla.org/security/2018/07/30/update-on-the-distrust-of-symantec-tls-certificates/
https://blog.nightly.mozilla.org/2018/08/14/symantec-distrust-in-firefox-nightly-63/
https://wiki.mozilla.org/CA:Symantec_Issues

(happy to change the text, mostly just setting the flag so I get to this for 64.0beta)

relnote-firefox: --- → ?

Julien Cristau [:jcristau] (back April 22)

Comment 5

•

6 years ago

Added to 64beta relnotes:
TLS certificates issued by Symantec are no longer trusted by Firefox. Website operators are strongly encouraged to replace any remaining Symantec TLS certificates as soon as possible, before Firefox 64 final release on December 11.

relnote-firefox: ? → 64+

Kohei Yoshino [:kohei]

Comment 6

•

6 years ago

Updated the site compatibility note: https://www.fxsitecompat.com/en-CA/docs/2018/symantec-geotrust-rapidssl-thawte-verisign-certificates-will-all-be-distrusted-in-october-2018/

Keywords: site-compat

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Enable Symantec Distrust in Firefox 64 Beta

Categories

(Core :: Security: PSM, enhancement, P1)

Tracking

()

People

(Reporter: wthayer, Assigned: jcj)

References

Details

(Keywords: site-compat)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Comment 1

Comment 2

Comment 3

Comment 4

Comment 5

Comment 6

Attachment

General

Description

File Name

Content Type