Closed Bug 685510 Opened 14 years ago Closed 14 years ago

DigiNotar certificates NOT blocked in Camino

Categories

(Camino Graveyard :: Security, defect)

x86
macOS
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: Dante_WRX, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en; rv:1.9.0.19) Gecko/2011032020 Camino/2.0.7 (MultiLang) (like Firefox/3.0.19)
Build ID: 2011032020

Steps to reproduce:
Using Camino Version 2.0.7 (1.9.0.19 2011032020) and making sure that DigiNotar certificates were NOT trusted under Preferences > Security > Show Certificates > Authorities.

Actual results:
DigiNotar certificates were TRUSTED as a default. =( I was very surprised as there was an entire Firefox update that warned users to delete DigiNotar and other compromised certificates as widely reported in the news due to hacking.

Expected results:
DigiNotar certificates should have been UNTRUSTED per other Mozilla products. I will now double-check my SeaMonkey preferences, too. Please update and relay message to other users -- also, please alert Camino users to other compromised authorities/certificates. (Staat der Nederlanden Root CA / CA-G2?) (FYI: I'm a brand new user to Camino.)
There's an entire Camino update warning users to do that, too, but it just hasn't happened yet due to various resource constraints (i.e., we need more manpower). Coming very soon, though. This will be FIXED in 2.0.8. cl
Closing fixed since the engineering work for Camino itself is done here, it's just not yet released.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Specifically, we've TWICE dropped everything and made Camino release builds to address this issue, but each time as we were ready to release them, Mozilla Corp either discovered bugs in the patches to fix the problem or additional DigiNotar compromises were detected. Rather than release an update followed by another update the next day followed by a third update the next day to get everything all correct, we waited to produce one correct update. Assuming that there are not more patches ready to fix other issues caused by the same hacker, Camino 2.0.8 should be available tomorrow. In the meantime, you can view the CA certificate in Camino's certificates window and uncheck the trust checkboxes, or manually import the "knockout certificates" that will ship in 2.0.8 from Gecko security developer Kai Engert's website, https://kuix.de/q/knockout20110906/
Flags: camino2.0.8+
Thanks for the follow-through! Updated Camino and everything's copacetic. p.s.- like the way you guys highlighted "Unable" in red. (If only Firefox labeled it as obviously as well...)