Closed
Bug 892288
Opened 12 years ago
Closed 11 years ago
Remove ability to trust user-added certificates for code signing
Categories
(Firefox for Android Graveyard :: Web Apps (PWAs), defect)
Firefox for Android Graveyard
Web Apps (PWAs)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: briansmith, Assigned: briansmith)
References
Details
I just found out that Android implemented the ability to install certificates, for example by clicking this link: http://www.cacert.org/certs/root.der.
The dialog box offers the user to trust the certificate for code signing. With the MOZ_B2G_CERTDATA hack, we aren't supposed to ever trust any certificate for code signing except the Mozilla Marketplace root certificate.
So, we need to change that dialog box so that it doesn't offer the ability to import certs for code signing. And, we need to somehow deal with existing user-added code signing certificates so that we don't trust them for code signing. And, we should probably prevent extensions from adding new code signing certificates.
Assignee | ||
Comment 1•11 years ago
|
||
This will be RESOLVED INVALID after bug 972201 is fixed.
Assignee: nobody → brian
Depends on: 972201
Assignee | ||
Updated•11 years ago
|
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
Updated•4 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•