X
Tap here to go to the mobile version of the site.

Support Forum

diginotar still present

Posted

I am running Firefox 13.01 for a Macox and it still has Diginotar certificate under certificate manager. Should this be the case?

I am running Firefox 13.01 for a Macox and it still has Diginotar certificate under certificate manager. Should this be the case?

Additional System Details

This happened

Every time Firefox opened

This started when...

13.01

Installed Plug-ins

  • Shockwave Flash 11.4 r402
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in web pages. For more information, visit the QuickTime Web site.

Application

  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20100101 Firefox/13.0.1

More Information

Gingerbread Man 403 solutions 1537 answers

The latest version is 15.0.1. The version you're using contains the following security vulnerabilities:

Yes. Click any of the DigiNotar certificates and then click the Edit Trust button. You can see they're all set to “Do not trust”. The technical reason is explained at

The latest version is 15.0.1. The version you're using contains the following security vulnerabilities: * https://www.mozilla.org/security/known-vulnerabilities/firefox.html Yes. Click any of the DigiNotar certificates and then click the '''Edit Trust''' button. You can see they're all set to “Do not trust”. The technical reason is explained at * http://www.mozilla.org/security/announce/2011/mfsa2011-35.html

Question owner

WHy is Diginotar still present in Firefox 13.01 since the comapny that provides the Diginotar went bankrupt and is no longer present since this version of Firefox 13.01. I am located in Canada, Ontario, using ISP Electronic Box and would like to know why 13.01 still has Diginotar certs?

WHy is Diginotar still present in Firefox 13.01 since the comapny that provides the Diginotar went bankrupt and is no longer present since this version of Firefox 13.01. I am located in Canada, Ontario, using ISP Electronic Box and would like to know why 13.01 still has Diginotar certs?
Gingerbread Man 403 solutions 1537 answers

It's explained in the link I posted:

As more information has come to light about the attack on the DigiNotar Certificate Authority we have improved the protections added in MFSA 2011-34. The main change is to add explicit distrust to the DigiNotar root certificate and several intermediates. Removing the root as in our previous fix meant the certificates could be considered valid if cross-signed by another Certificate Authority. Importantly this list of distrusted certificates includes the "PKIOverheid" (PKIGovernment) intermediates under DigiNotar's control that did not chain to DigiNotar's root and were not previously blocked.
It's explained in the link I posted: As more information has come to light about the attack on the DigiNotar Certificate Authority we have improved the protections added in [http://www.mozilla.org/security/announce/2011/mfsa2011-34.html MFSA 2011-34]. The main change is to add explicit distrust to the DigiNotar root certificate and several intermediates. '''Removing the root as in our previous fix meant the certificates could be considered valid if cross-signed by another Certificate Authority.''' Importantly this list of distrusted certificates includes the "PKIOverheid" (PKIGovernment) intermediates under DigiNotar's control that did not chain to DigiNotar's root and were not previously blocked.

Question owner

Since this company is now defunct. My question is why is Diginotar certiifcate still present? It should be remove as the comapny no longer exists. This is a serious security flaw because the certificates where stolen form Digitnotar without them reporting the thief.

Since this company is now defunct. My question is why is Diginotar certiifcate still present? It should be remove as the comapny no longer exists. This is a serious security flaw because the certificates where stolen form Digitnotar without them reporting the thief.