*** This bug is a security vulnerability *** Public security bug reported:
In http://www.win.tue.nl/hashclash/rogue-ca/ , a CA cert was created that is accepted by Firefox. This allows any web site to be impersonated. See upstream https://bugzilla.mozilla.org/show_bug.cgi?id=471539 . This may also apply to other PKI enabled packages in Ubuntu that accept MD5, including Thunderbird, Evolution, and anything that depends on openssl. ** Affects: firefox Importance: Unknown Status: Confirmed ** Affects: firefox (Ubuntu) Importance: Undecided Status: New ** Affects: firefox-3.0 (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** Bug watch added: Mozilla Bugzilla #471539 https://bugzilla.mozilla.org/show_bug.cgi?id=471539 ** Also affects: firefox via https://bugzilla.mozilla.org/show_bug.cgi?id=471539 Importance: Unknown Status: Unknown ** Also affects: firefox-3.0 (Ubuntu) Importance: Undecided Status: New -- Stop honoring digital signatures based on MD5 hashes https://bugs.launchpad.net/bugs/312536 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs