Firefox 3.6 for Windows includes a forged CA cert

From: Francis Litterio <flitterio@gmail.com>
To: bugtraq@securityfocus.com
Cc:
Subject: Firefox 3.6 for Windows includes a forged CA cert
Date:


In Firefox 3.6 for Windows, go to Tools -> Options -> Advanced -> Encryption ->
View Certificates -> Authorities and scroll down to the entry for "Equifax
Secure Inc." and you'll see a cert labeled "MD5 Collisions Inc
(http://www.phreedom.org/md5)" grouped with the other Equifax certs.

Yes, it's expired, so it poses no real threat, but why is the Mozilla Project
shipping Firefox with that cert?  It just causes FUD.
--
Fran






Copyright © 1995-2020 LinuxRocket.net. All rights reserved.