For those following along at home the incident report with details is in bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1556948
Cheers, Julien On Wed, Jun 5, 2019 at 8:17 AM Jeremy Rowley via dev-security-policy < [email protected]> wrote: > I just posted this incident report. The summary is we had an issue where a > certain path allowed issuance of certs for example.com when only > www.example.com <http://www.example.com> was verified. This incident > happened previously with Comodo here: > > https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/PoMZvss_PR > o/TK8L-lK0EwAJ > <https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/PoMZvss_PRo/TK8L-lK0EwAJ>. > At that time we checked out code, but missed a path. > > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
