Mozilla approved CNNIC as a trusted root CA in Firefox in 2009, and the CA was caught misissuing certificates for Google domains in 2015, allowing threat actors to intercept traffic meant for Google sites -an event that got CNNIC banned inside most certificate root store lists.Īccording to Mozilla engineers who spoke with ZDNet on deep background and did not want to share their names because they were not authorized to speak on behalf of the organization, Mozilla is seriously considering the issue. Quintin expanded on his fears in a post on the EFF blog, reminding Mozilla that it went through a similar issue in 2009 with CNNIC, the Chinese government's official CA. "I would go so far as revoking their intermediate certificate as well, based on these revelations." "Given DarkMatter's business interest in intercepting TLS communications adding them to the trusted root list seems like a very bad idea," EFF's Cooper Quintin said in the Google Groups discussions. However, most seem technical errors, and the certificates don't seem to have been abused for anything malicious.
Those who are asking Mozilla to decline DarkMatter's request of inclusion in the root certificate store were quick to seize on the fact that DarkMatter has already misissued a few TLS certificates already via QuoVadis. The company has already been granted the ability to issue TLS certificates via an intermediary, a company called QuoVadis, now owned by DigiCert. In Google Groups and Bugzilla discussions on its request, DarkMatter has denied any wrongdoing or any intention to do so. Many fear that once approved on Mozilla's certificate store list, DarkMatter may be able to issue TLS certificates that will be able to intercept internet traffic without triggering any errors on some Linux systems, usually deployed in data centers and at cloud service providers. On one side Mozilla is pressured by organizations like the Electronic Frontier Foundation, Amnesty International, and The Intercept to decline DarkMatter's request, while on the other side DarkMatter claims it never abused its TLS certificate issuance powers for anything bad, hence there's no reason to treat it any differently from other CAs that have applied in the past.įears and paranoia are high because Mozilla's list of trusted root certificates is also used by some Linux distros. Mozilla uses this certificate store to know what TLS certificates to trust when loading encrypted content inside Firefox and Thunderbird, similar to how Apple, Google, and Microsoft all use their own certificate stores to know what content to trust in their own products as well.Īn organization that has a root certificate added in these root stores has the power to issue new certificates that are automatically trusted by these major companies and their respective browsers.Ĭurrently, Mozilla is caught between a rock and a hard place because DarkMatter has a history of shady operations but also has a clean history as a CA, without any known abuses. Ī few months back, DarkMatter filed a bug report asking that its own root certificates be added to the Firefox's certificate store -which is an internal list of Certificate Authorities (CAs).ĬAs are companies, organizations, and other entities that are approved to issue new TLS certificates -the mechanism that supports encrypted HTTPS communications.
The vendor is named DarkMatter, a cyber-security firm based in the United Arab Emirates that has been known to sell surveillance and hacking services to oppressive regimes in the Middle East.
#WHO OWNS MOZILLA FIREFOX INSTALL#
Hackers are turning to this simple technique to install their malware on PCs.These researchers wanted to test cloud security.
#WHO OWNS MOZILLA FIREFOX CODE#
0 kommentar(er)
