Status

NSS
Libraries
--
enhancement
7 years ago
7 years ago

People

(Reporter: gerv, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Currently, when you click on a CRL link like this:
http://crl.comodoca.com/UTN-USERFirst-Hardware.crl
Firefox automatically passes the CRL to NSS, which imports it with no way to cancel. You then get asked whether to enable auto-update or not.

This means the CRL import code is part of our web-facing attack surface, and I suggest it should be fuzz-tested.

Gerv
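The kind of harness the report asks for, as an added example that is not part of the original report or of NSS: a libFuzzer entry point plus a reproducible byte-flip driver. It assumes a hypothetical stand-in parser, `der_walk`, in place of the real CRL import code, and a constructed CRL-shaped seed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical stand-in for the CRL import path: walks DER TLVs with strict
 * bounds checks. Returns the number of elements, or -1 on malformed input. */
static int der_walk(const uint8_t *p, size_t n, int depth) {
    int count = 0;
    if (depth > 16) return -1;                  /* cap nesting depth */
    while (n > 0) {
        if (n < 2 || (p[0] & 0x1f) == 0x1f) return -1; /* short or multi-byte tag */
        size_t len = p[1], hdr = 2;
        if (len & 0x80) {                       /* long-form length */
            size_t k = len & 0x7f;
            if (k == 0 || k > sizeof(size_t) || k > n - 2) return -1;
            hdr += k; len = 0;
            for (size_t i = 2; i < hdr; i++) len = (len << 8) | p[i];
        }
        if (len > n - hdr) return -1;           /* length runs past the buffer */
        if (p[0] & 0x20) {                      /* constructed: check the body */
            int inner = der_walk(p + hdr, len, depth + 1);
            if (inner < 0) return -1;
            count += inner;
        }
        count++;
        p += hdr + len; n -= hdr + len;
    }
    return count;
}

/* libFuzzer entry point: every input must return, never crash or over-read. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    (void)der_walk(data, size, 0);
    return 0;
}

/* Constructed seed, not a real CRL: SEQUENCE { SEQUENCE { INTEGER 1 }, BIT STRING } */
static const uint8_t SEED[] = {0x30, 9, 0x30, 3, 2, 1, 1, 3, 2, 0, 0};

/* Reproducible byte-flip driver for runs without libFuzzer; returns rejections. */
int fuzz_seed(unsigned iterations) {
    uint32_t s = 1; int rejected = 0;
    for (unsigned i = 0; i < iterations; i++) {
        uint8_t buf[sizeof SEED];
        memcpy(buf, SEED, sizeof SEED);
        s = s * 1664525u + 1013904223u;         /* LCG, fixed start state */
        buf[(s >> 16) % sizeof SEED] ^= (uint8_t)(s >> 8);
        if (der_walk(buf, sizeof buf, 0) < 0) rejected++;
    }
    return rejected;
}
```

Built with `clang -fsanitize=fuzzer,address`, libFuzzer supplies `main` and any out-of-bounds read aborts the run. A harness for the real import path would hand the bytes to the NSS CRL decoder in place of `der_walk`.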