Closed Bug 892288 Opened 10 years ago Closed 9 years ago
Remove ability to trust user-added certificates for code signing
(Firefox for Android Graveyard :: Web Apps (PWAs), defect)
(Reporter: briansmith, Assigned: briansmith)
I just found out that Android implemented the ability to install certificates, for example by clicking this link: http://www.cacert.org/certs/root.der. The dialog box offers the user to trust the certificate for code signing. With the MOZ_B2G_CERTDATA hack, we aren't supposed to ever trust any certificate for code signing except the Mozilla Marketplace root certificate. So, we need to change that dialog box so that it doesn't offer the ability to import certs for code signing. And, we need to somehow deal with existing user-added code signing certificates so that we don't trust them for code signing. And, we should probably prevent extensions from adding new code signing certificates.
9 years ago
This will be RESOLVED INVALID after bug 972201 is fixed.
Assignee: nobody → brian
Depends on: 972201
9 years ago
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
3 years ago
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.