[v2.7] nss: Mis-issued ANSSI/DCSSI certificate
Impact: High
Announced: December 10, 2013
Reporter: Google
Google notified Mozilla that an intermediate certificate, which chains up to a root included in Mozilla’s root store, was loaded into a man-in-the-middle (MITM) traffic management device. This certificate was issued by Agence nationale de la sécurité des systèmes d’information (ANSSI), an agency of the French government and a certificate authority in Mozilla’s root program. A subordinate certificate authority of ANSSI mis-issued an intermediate certificate that they installed on a network monitoring device, which enabled the device to act as a MITM proxy performing traffic management of domain names or IP addresses that the certificate holder did not own or control.
References:
http://www.mozilla.org/security/announce/2013/mfsa2013-117.html
https://hg.mozilla.org/projects/nss/rev/5a7944776645
https://rhn.redhat.com/errata/RHSA-2013-1861.html
(from redmine: issue id 2575, created on 2014-01-08, closed on 2014-02-05)
- Relations:
  - parent #2571 (closed)
- Changesets:
  - Revision 1bbb01db by Natanael Copa on 2014-02-05T08:23:58Z:
    main/nss: security upgrade to 3.15.3.1
    fixes #2575