Open Bug 1869025 Opened 2 years ago Updated 8 months ago

Firefox browser incorrectly parsed the subject key identifier of the digital certificate.

Categories

(Firefox :: Security, defect, P3)

Product:
Firefox
Component:
Security
Version:
Firefox 120
Platform:
Unspecified
Windows 10
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: 2295456556, Unassigned)

References

(Blocks 2 open bugs)

Details

Attachments

(4 files)

57de1872-9364-11ee-a4a5-005056c00008108.158.57.227.pem
2.15 KB, application/x-x509-ca-cert
Details
57de1872-9364-11ee-a4a5-005056c00008108.158.57.227.der
1.52 KB, application/x-x509-ca-cert
Details
57de1872-9364-11ee-a4a5-005056c00008108.158.57.227.der
1.52 KB, application/x-x509-ca-cert
Details
J8A@0DA}8~POUHB8M0}`}FV.png
12.98 KB, image/png
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Edg/119.0.0.0

Steps to reproduce:

1.Mutating a certificate.
2.Running the browser to parse the mutated certificate file.
3.Observing the results.

Actual results:

We mutated the node that represents the specific information of the user key identifier in the certificate. Chrome does not recognize this incorrect structure and displays that it cannot parse. However, Firefox simply parses and displays the sibling node of the OID node that represents the user key identifier as the node that represents the specific information of the user key identifier.

Expected results:

Firefox should recognize this incorrect structure and display a parsing error or other message

Summary: Firefox browser incorrectly parsed the user key identifier of the digital certificate. → Firefox browser incorrectly parsed the subject key identifier of the digital certificate.
OS: Unspecified → Windows 10

The Bugbug bot thinks this bug should belong to the 'Firefox::Security' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Security
QA Whiteboard: qa-not-actionable

The severity field is not set for this bug.
:serg, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(sgalich)

Redirect a needinfo that is pending on an inactive user to the triage owner.
:manuel, since the bug doesn't have a severity set, could you please set the severity or close the bug?

For more information, please visit BugBot documentation.

Flags: needinfo?(sergey.galich) → needinfo?(manuel)

Waiting for response on https://github.com/PeculiarVentures/PKI.js/issues/425

Flags: needinfo?(manuel)
Blocks: cert-viewer
See Also: → 1867580
Severity: -- → S3
Priority: -- → P3
Blocks: 1974179
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: