Chrome and Firefox parse certificate subject name information in digital certificates differently
Categories
(Firefox :: Security, defect)
People
(Reporter: 2295456556, Unassigned)
References
(Blocks 1 open bug)
Attachments
(4 files)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36 Edg/113.0.1774.35
Steps to reproduce:
1. Use Python to create a local server (e.g. using Flask) and specify a mutated certificate and private key. Access the Flask-provided URL in Chrome.
2. In Firefox, visit the URL about:certificate?cert=(processed pem data) containing the certificate information.
3. In your own developer's way, let the browser parse the mutated certificate files, then observe the results.
Actual results:
Description: We tested with a mutated digital certificate as a test case. We have discovered differences in the parsing results of the certificate subject name for mutated digital certificates between Google Chrome and Mozilla Firefox browsers.
OS: Windows 10 22H2 19045.2604
My expectations: Confirm whether this is a security bug or a UI bug.
Expected results:
I don't know which of these two different certificate subject names is correct, or whether displaying non-standard characters in the subject name on the certificate itself is an error. So I need you to confirm whether this difference is a bug or not.
Comment 1•2 years ago (Reporter)
Comment 2•2 years ago (Reporter)
Comment 3•2 years ago (Reporter)
The public key of the certificate is generated by myself using my own private key and has been replaced.
Comment 4•2 years ago
The Bugbug bot thinks this bug should belong to the 'Core::Security: PSM' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Comment 5•2 years ago
Firefox does not make trust decisions based on how the certificate viewer displays certificates. At most, this is a display issue.
Updated•2 years ago
Comment 6•2 years ago (Reporter)
So please ask if this is a bug
Comment 7•2 years ago
The severity field is not set for this bug.
:serg, could you have a look please?
For more information, please visit BugBot documentation.
Comment 8•2 years ago
Thanks for raising this question!
Firefox displays ÷ which is encoded in the attached file.
Chrome displays a symbol used when a font doesn't have a glyph for the ÷.
This is not a bug, it's just that Chrome uses a font that doesn't have a glyph for the ÷.
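Added example, not part of the bug thread or of either browser's code: when two certificate viewers render a subject name differently, decoding the attribute value's DER bytes directly shows what is actually encoded, independent of any font. The function names and the sample byte strings are constructed for illustration, and only four ASN.1 string types are handled.

```python
import unicodedata

# ASN.1 universal tags for the string types handled here, with their codecs.
STRING_TYPES = {
    0x0C: ("UTF8String", "utf-8"),
    0x13: ("PrintableString", "ascii"),
    0x16: ("IA5String", "ascii"),
    0x1E: ("BMPString", "utf-16-be"),
}
# The only characters a PrintableString may contain.
PRINTABLE = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?")

def read_tlv(der):
    """Split one DER TLV into (tag, value); rejects truncated or trailing data."""
    if len(der) < 2:
        raise ValueError("truncated TLV")
    tag, length, offset = der[0], der[1], 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad length encoding")
        length = int.from_bytes(der[2:2 + n], "big")
        offset = 2 + n
    if len(der) != offset + length:
        raise ValueError("length does not match data")
    return tag, der[offset:]

def inspect_attribute_value(der):
    """Decode one subject attribute value and report what is actually encoded."""
    tag, raw = read_tlv(der)
    if tag not in STRING_TYPES:
        raise ValueError(f"unsupported tag 0x{tag:02X}")
    name, codec = STRING_TYPES[tag]
    report = {"type": name, "text": None, "issues": [], "codepoints": []}
    try:
        text = raw.decode(codec)
    except UnicodeDecodeError as exc:
        report["issues"].append(f"bytes are not valid {name}: {exc.reason}")
        return report
    report["text"] = text
    report["codepoints"] = [f"U+{ord(c):04X} {unicodedata.name(c, '<unnamed>')}" for c in text]
    if name == "PrintableString":
        bad = sorted(set(text) - PRINTABLE)
        if bad:
            report["issues"].append(f"not allowed in PrintableString: {bad}")
    return report

# Constructed samples (not the bug's attachment): "a÷b" as UTF8String, and a
# PrintableString carrying the raw byte 0xF7, which that type cannot hold.
UTF8_SAMPLE = bytes.fromhex("0c0461c3b762")
BAD_PRINTABLE = bytes.fromhex("130361f762")
```

An empty `issues` list with a named code point such as U+00F7 means the certificate is well-formed for that string type and any remaining difference between viewers is a rendering matter.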