mozilla -- built-in CA certificates may be overridden

ID 8D823883-0CA9-11D9-8A8A-000C41E2CDAD
Type freebsd
Reporter FreeBSD
Modified 2004-06-29T00:00:00


In some situations, Mozilla will automatically import a certificate from an email message or web site. This behavior can be used as a denial-of-service attack: if the imported certificate has a distinguished name (DN) identical to that of one of the built-in Certificate Authorities (CAs), then Mozilla will no longer be able to certify sites with certificates issued by that CA.
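One way to audit a certificate store for the condition described above, as an added example that is not part of the advisory and not Mozilla code: it flags imported certificates whose subject DN equals a built-in CA's DN while the certificate bytes differ. The record layout, function names, DN strings and certificate bytes are constructed for illustration, and the DN normalization is a simplification of real X.509 name matching.

```python
import hashlib
import re


def normalize_dn(dn):
    """Simplified DN comparison form: split on unescaped commas, upper-case
    attribute types, collapse whitespace and case-fold values, keep RDN order."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().upper(), " ".join(value.split()).casefold()))
    return tuple(rdns)


def fingerprint(der):
    """SHA-256 over the certificate bytes, used to tell two certificates apart."""
    return hashlib.sha256(der).hexdigest()


def find_dn_collisions(builtin, imported):
    """Return (source, built-in subject) for every imported certificate that
    shares a subject DN with a built-in CA but is a different certificate."""
    by_dn = {normalize_dn(c["subject"]): c for c in builtin}
    hits = []
    for cert in imported:
        match = by_dn.get(normalize_dn(cert["subject"]))
        if match is not None and fingerprint(cert["der"]) != fingerprint(match["der"]):
            hits.append((cert["source"], match["subject"]))
    return hits


# Constructed sample data: the "der" values are placeholders, not real certificates.
BUILTIN = [
    {"subject": "CN=Example Root CA, O=Example Trust, C=US",
     "der": b"constructed-builtin-root"},
]
IMPORTED = [
    # Same DN (different case and spacing), different certificate: reported.
    {"subject": "cn=Example Root CA,o=Example  Trust,c=US",
     "der": b"constructed-lookalike", "source": "email attachment"},
    # Byte-identical copy of the built-in certificate: not reported.
    {"subject": "CN=Example Root CA, O=Example Trust, C=US",
     "der": b"constructed-builtin-root", "source": "profile copy"},
    # Unrelated DN: not reported.
    {"subject": "CN=Other Intermediate, O=Example Trust, C=US",
     "der": b"constructed-other", "source": "web site"},
]

if __name__ == "__main__":
    for source, subject in find_dn_collisions(BUILTIN, IMPORTED):
        print(f"imported via {source}: DN collides with built-in CA '{subject}'")
```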