Check for built-in root certificates in update service depends on English value of l10n'd string

RESOLVED INVALID

Status

()

Core
Security: PSM
RESOLVED INVALID
7 years ago
4 years ago

People

(Reporter: briansmith, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

+++ This bug was initially created as a clone of Bug #626363 +++

There is some security-sensitive code in the browser that requires the builtin security token's name to be exactly as it is in the US English locale--i.e. the name of the module must be left unlocalized.

In particular, there is some code in the updating logic that tries to ensure that the root cert of the update server is a root cert in the built-in security token; it does this by checking the name of the device that the device lives on. There might be more instances of the same problem.
My mistake -- the check is actually against a different, non-localizable string "Builtin Object Token" vs "Builtin Roots Module".
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → INVALID
Summary: [l10n] truncated strings in Security Devices window → Check for built-in root certificates in update service depends on English value of l10n'd string
Group: core-security
You need to log in before you can comment on or make changes to this bug.