Importing a self-made certificate (call it x) with the same DN (but different
serial nr) as a built-in CA root cert (called b) overrides the built-in one:
trying to open an SSL page protected by a cert signed by b throws an error -8182
('certificate presented by xyz.com is invalid or corrupt') -> Denial of Service.
This could be automated when importing x via mime type
application/x-x509-email-cert, causing Mozilla to import the cert silently (bug
This is also possible via email messages, calling the cert x link inside an
<iframe> tag, leading to a silent import of x when opening or previewing the
message (bug Nr. 3).
Conclusion: fully automatic DoS of the entire cert store via email is
possible, no user interaction needed.
Waiting for an upstream fix.
Mozilla patch is ready, see also http://bugzilla.mozilla.org/show_bug.cgi?id=253121
Thanks for the feedback Carlo.
Mozilla team: do you think we should apply the fix to our ebuilds or wait for Moz 1.7.2 / FireFox 0.9.3?
*** Bug 58709 has been marked as a duplicate of this bug. ***
0.9.3 and 1.7.2 are out.
Using bug 59419 as a metabug.
*** This bug has been marked as a duplicate of 59419 ***
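
Added example, not part of the original bug thread or of any Mozilla code: a small audit that flags imported certificates whose subject DN matches a built-in root but whose serial number differs, which is the collision described in the report. The inventory records, field names and the simplified DN normalisation (comma split, case-insensitive compare, no escaped commas) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample inventory (not real certificates). "builtin" marks
# roots shipped with the application; the rest were imported later.
INVENTORY = [
    {"subject": "CN=Example Root CA, O=Example Trust, C=US", "serial": "01", "builtin": True},
    {"subject": "cn=example root ca,o=Example Trust,  c=US", "serial": "7F3A", "builtin": False},
    {"subject": "CN=Other Root CA, O=Other Org, C=DE", "serial": "02", "builtin": True},
    {"subject": "CN=Mail User, O=Example Corp, C=US", "serial": "1001", "builtin": False},
]


def normalize_dn(dn):
    """Canonicalise a DN string so cosmetic differences do not hide a match.

    Assumption: RDNs are comma separated and contain no escaped commas.
    """
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        # Lower-case and collapse whitespace in both attribute type and value.
        parts.append((attr.strip().lower(), " ".join(value.split()).lower()))
    return tuple(parts)


def find_shadowed_roots(inventory):
    """Return (builtin subject, builtin serial, imported serial) for every
    imported cert that shares a DN with a built-in root but is a different cert."""
    by_dn = defaultdict(list)
    for cert in inventory:
        by_dn[normalize_dn(cert["subject"])].append(cert)

    findings = []
    for certs in by_dn.values():
        builtins = [c for c in certs if c["builtin"]]
        imported = [c for c in certs if not c["builtin"]]
        for b in builtins:
            for x in imported:
                # Compare serials numerically so "01" and "1" count as equal.
                if int(x["serial"], 16) != int(b["serial"], 16):
                    findings.append((b["subject"], b["serial"], x["serial"]))
    return findings


if __name__ == "__main__":
    for subject, builtin_serial, imported_serial in find_shadowed_roots(INVENTORY):
        print(f"DN collision: {subject} (built-in serial {builtin_serial}, "
              f"imported serial {imported_serial})")
```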