Closed Bug 2025049 Opened 3 months ago Closed 2 months ago

Felt Privacy error page does not detect clock skew for SEC_ERROR_EXPIRED_CERTIFICATE

Categories

(Firefox :: Security, defect, P2)

Product:
Firefox
Component:
Security
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
151 Branch
Tracking Flags:
Tracking Status
firefox151 --- fixed

People

(Reporter: jbrown, Assigned: jbrown)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 2025049 - Implement clock skew detection in Felt Privacy error page - r=niklas
48 bytes, text/x-phabricator-request
Details | Review

The Felt Privacy error page (net-error-card.mjs) does not implement clock skew detection. The SEC_ERROR_EXPIRED_CERTIFICATE config in cert-errors.mjs sets checkClockSkew: true, but nothing reads this flag. Users with an incorrect system clock see a generic expired certificate error instead of the "Your Computer Clock is Wrong" messaging that the old error page provides.

Assignee: nobody → jbrown
Attachment #9555773 - Attachment description: WIP: Bug 2025049 - Implement clock skew detection in Felt Privacy error page → Bug 2025049 - Implement clock skew detection in Felt Privacy error page - r=niklas
Status: NEW → ASSIGNED
Blocks: 1990918
Severity: -- → S3
Priority: -- → P2
Pushed by jbrown@mozilla.com: https://github.com/mozilla-firefox/firefox/commit/8ae2dfe2c7d7 https://hg.mozilla.org/integration/autoland/rev/18cf83c17fef Implement clock skew detection in Felt Privacy error page - r=niklas,fluent-reviewers,bolsson

https://hg.mozilla.org/mozilla-central/rev/18cf83c17fef

Status: ASSIGNED → RESOLVED
Closed: 2 months ago
status-firefox151: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 151 Branch
QA Whiteboard: [qa-triage-done-c152/b151]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: