Open Bug 1857576 Opened 2 years ago Updated 5 months ago

Chrome and Firefox parse certificate CRL and Cert Policies in digital certificates differently

Categories: Firefox :: Security, defect
Status: UNCONFIRMED
People: Reporter 2295456556, Unassigned
References: Blocks 1 open bug
Attachments: 5 files

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36 Edg/113.0.1774.35

Steps to reproduce:

1. Use Python to create a local server (e.g. using Flask) and specify a mutated certificate and private key. Access the Flask-provided URL in Chrome.
2. In Firefox, visit the URL about:certificate?cert=(processed pem data) containing the certificate information.
3. In your own developers' way, let the browser parse mutated certificate files, then observe the results.

Actual results:

Description: We tested with a mutated digital certificate as a test case. We have discovered differences in the parsing results of the certificate CRL and Cert Policies for mutated digital certificates between Google Chrome and Mozilla Firefox browsers.
Mutation Strategy: Exchange a distribution point URL node in CRL and a domain name node in Cert Policies through TLV structure.
OS: Windows 10 22H2 19045.2604
My expectations: Confirm whether this is a security bug or a UI bug
Additional Comments: The public key of the certificate is generated by myself using my own private key and has been replaced.

Expected results:

I don't know which of these two different certificate CRL and Cert Policies is correct. So I need you to confirm whether this difference is a bug or not.

The Bugbug bot thinks this bug should belong to the 'Core::Security: PSM' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Security: PSM
Product: Firefox → Core

Firefox does not make trust decisions based on how the certificate viewer displays certificates. At most, this is a display issue.

Component: Security: PSM → Security
Product: Core → Firefox
Version: 17 Branch → unspecified
QA Whiteboard: qa-not-actionable

So please ask if this is a bug.

The severity field is not set for this bug.
:serg, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(sgalich)

About the CRL field, I think Firefox mistakenly recognized the DNS name as a URL.

Severity: -- → S3
Flags: needinfo?(sgalich)
Blocks: 1974179
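
The distinction raised in the last comment, a DNS name versus a URL inside the CRL field, is carried in the DER encoding by the GeneralName context tag ([2] dNSName, [6] uniformResourceIdentifier, per RFC 5280). The following is an added example, not part of the bug thread and not Firefox or Chrome code, that labels each CRL distribution point name by that tag; the helper names and the sample bytes are constructed.

```python
# Added example, not Firefox or Chrome code; helper names and SAMPLE are constructed.
GN_TAGS = {0x82: "dNSName", 0x86: "uniformResourceIdentifier"}  # GeneralName context tags

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value, want=None):
    """Yield (tag, value) for each element in value, optionally only tag `want`."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        if want is None or tag == want:
            yield tag, val

def crl_dp_names(ext_value):
    """Return [(type, text)] for every fullName entry in a CRLDistributionPoints value."""
    tag, seq, end = read_tlv(ext_value, 0)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("expected exactly one SEQUENCE")
    names = []
    for _, dp in children(seq, 0x30):                  # DistributionPoint
        for _, field in children(dp, 0xA0):            # distributionPoint [0]
            for _, full in children(field, 0xA0):      # fullName [0] GeneralNames
                for gn_tag, gn in children(full):      # one GeneralName each
                    kind = GN_TAGS.get(gn_tag, "other(0x%02x)" % gn_tag)
                    names.append((kind, gn.decode("ascii", "replace")))
    return names

def tlv(tag, content):                                 # sample builder, content < 128 bytes
    return bytes([tag, len(content)]) + content

def dist_point(gn_tag, text):
    return tlv(0x30, tlv(0xA0, tlv(0xA0, tlv(gn_tag, text.encode()))))

# Constructed input: one distribution point with a URI, one with a dNSName.
SAMPLE = tlv(0x30, dist_point(0x86, "http://crl.example.test/ca.crl")
                   + dist_point(0x82, "policy.example.test"))
```

Running `crl_dp_names` on the extension value extracted from each test certificate shows which name type the bytes actually encode, independent of how either browser's viewer labels it.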