"MD5 Collisions Inc." (expired) fake SSL certificate is installed as standard
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
firefox-3.5 (Ubuntu) | Invalid | Undecided | Unassigned | |
Bug Description
Binary package hint: firefox-3.5
I have noticed that there is an SSL CA certificate for "MD5 Collisions Inc. (http://
OK, so the validity dates in the certificate (31 July 2004 - 2 Sept 2004) and the fact that it was created as a proof-of-concept mean that it is implausible that it could be used (and so I'm not marking this as a security vulnerability), but its inclusion seems rather odd.
ProblemType: Bug
Architecture: i386
Date: Sat Nov 14 18:08:05 2009
DistroRelease: Ubuntu 9.10
Package: firefox-3.5 3.5.5+nobinonly
ProcEnviron:
LANGUAGE=
PATH=(custom, no user)
LANG=en_GB.UTF-8
SHELL=/bin/bash
ProcVersionSign
SourcePackage: firefox-3.5
Uname: Linux 2.6.31-14-generic i686
Andrew, myself and others have looked for this certificate in various versions of firefox and cannot find it. Is it possible that it may be leftover from a much older version of firefox or that you have forgotten that you accepted this certificate at some point?