1460250
|
|
provide asynchronous versions of some PKCS#11 APIs
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1642010
|
|
isDistrustedCertificateChain should check that certRoot->distrust->serverDistrustAfter is of the expected length
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2024-05-21
|
1657591
|
|
remember client auth decisions on a per-session basis
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2023-09-11
|
1818546
|
|
Firefox 110 generating popup to authenticate to security token
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2023-03-10
|
1838429
|
|
OCSP requests use System Principal
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2024-05-26
|
447794
|
|
Certificate backups use RC2/40 encryption
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-10
|
473795
|
|
Deleting a server certificate exception should confirm the server name, not the certificate name
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-10
|
477982
|
|
Prompt for SSL client certificates appears at erratic times
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-10
|
512437
|
|
provide better error message when client cert authentication fails
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-10
|
741327
|
|
Certificate selection modal dialog appears on wrong window
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-10
|
882625
|
|
Blocked SmartCard Pop-up
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-10
|
1002453
|
|
StartSSL certificate has weird name le-8bbf0da1-ccce-44d9-.......
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1128278
|
|
OCSP requests are sent through proxy server without (required) authentication
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1242078
|
|
error messages in the add certificate exception dialog differ from the error messages used elsewhere in Firefox
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
12:12:03
|
1272749
|
|
When replacing expired digital certificate, Firefox requires close and open
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2024-02-27
|
1306582
|
|
make TLS 1.3 named groups configurable via prefs
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1312195
|
|
nsISSLStatus has no fields for the ECDHE/DHE parameters
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-11-25
|
1322751
|
|
improve differentiation between builtin root certificates and imported certificates / certificates from pkcs#11 tokens in the certificate manager
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1338480
|
|
nsIX509Cert.displayName is empty when a certificate has an empty subject distinguished name
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1359902
|
|
server certificate issuer does not update in site identity box when it changes (after a refresh)
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1365712
|
|
change nsIX509Cert.displayName to use the nickname of certificates on external tokens
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1366995
|
|
Firefox continues to present a client certificate which has been deleted from its certificate store, until it is restarted
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1374586
|
|
psm::Constructor should be initialized earlier in child process
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1378269
|
|
Removing a CA certificate from the certificate manager does not clear existing TLS secrets
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1380420
|
|
Improve the MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error message
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1474963
|
|
Firefox stalls after TLS handshake on self signed certificate - bug 1056341 not corrected
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2024-02-27
|
1526773
|
|
unclear error message in some situations
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1557521
|
|
Certificate store does not recognize friendly names edited in windows. Cannot create any kind of "friendly" name within FF cert store.
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2020-05-18
|
1567825
|
|
make Firefox's use of NSS's sqlite-backed certdb more robust against transient network errors when the db is on a networked drive
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2023-12-11
|
1603082
|
|
Pinpad smartcard authentication text does not fit to the dialogue window
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2020-05-18
|
1613977
|
|
certificates imported from the OS may also exist in the user's certdb, which creates a confusing trust situation
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2020-05-18
|
1637754
|
|
Implement RFC 8740 "Using TLS 1.3 with HTTP/2"
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2024-06-05
|
1643083
|
|
TLS connection fails after page is shown; no detailed information is given
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2020-06-29
|
1651688
|
|
Improve usability of security module authentication popup
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1698952
|
|
page info dialog asks for client certificate
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2021-04-19
|
1725025
|
|
CKR_GENERAL_ERROR when attempting smartcard authentication
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2023-08-03
|
1741567
|
|
As same as Chrome 96, Remove some insecure cipher suites
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2023-10-30
|
1761262
|
|
Certificates selected using "OS Client Cert Module" are assumed to be available even when the smart card is not
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-06-30
|
1771274
|
|
osclientcerts: determining if keys support rsa-pss is still a problem
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-06-30
|
1806785
|
|
certificates without a subject common name result in empty strings in some UI
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-12-21
|
1815931
|
|
consider treating stapled OCSP as an optimization
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2023-02-13
|
1843576
|
|
Not possible to check SSL certifcate when adding an exception manually via Edit->Settings due to modal dialog box
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2024-04-17
|
1851701
|
|
Authentication Decisions should remember host + PORT when presenting client certificates via SSL
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2023-09-20
|
1853982
|
|
Resizing certificate manager is broken - column sizes can only get bigger, which forces dialog bigger
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2024-04-03
|
1868961
|
|
Authentication Decisions: delete not in effect until cookie is cleared
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2023-12-11
|
1874674
|
|
client certificate popup migrates to another tab
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2024-01-16
|
1880024
|
|
client certificate selection dialog dis(appears) several times
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2024-02-27
|
1891826
|
|
Impossible to proceed (no matching certificates to delete): SEC_ERROR_REUSED_ISSUER_AND_SERIAL
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2024-04-19
|
506939
|
|
Firefox does not understand and inform the user when PKCS#11 token PIN is invalid or blocked.
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-10
|
953322
|
|
User-added CAs should be able to specify a domain for which they are trusted
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1008120
|
|
Trailing dot in SNI HostName must be stripped according to RFC 3546
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2023-09-20
|
1091857
|
|
Firefox does not show certificate selection dialog after installing new certificate
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2023-07-28
|
1220129
|
|
old client certificate used after it expired despite newer one added (ssl_error_expired_cert_alert after)
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2023-08-02
|
1328109
|
|
provide more explanation when a certificate is missing a subject alternative name extension
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1328113
|
|
build feature to impose name constraints on imported (CA) certificates
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1389783
|
|
no authentication dialog given for ocsp system connections
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1399048
|
|
configure columns in certificate manager
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1412691
|
|
Allow static pinning of DS records
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1488742
|
|
Outdated Content-Signature Documentation
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1492411
|
|
limit checking for smartcard changes to no more than once every interval, for some interval
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1507231
|
|
backup certificate (with private key) does not ask master password
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1589316
|
|
Firefox doesn't let user choose smart card to use for authentication before PIN prompts
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1627645
|
|
add an option to only allow deprecated TLS versions for RFC 1918 addresses
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2020-12-12
|
1654000
|
|
[enterprise roots] trust system roots on linux
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2023-07-18
|
1721367
|
|
certificate manager: indicate when a certificate exists on multiple tokens
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-07-25
|
1721595
|
|
Certificate Manager reacts to ctrl-tab
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2023-05-24
|
1735782
|
|
client certificate selection dialog should show more differentiating information about each certificate in the drop-down
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2021-11-08
|
1740149
|
|
Smartcard login produces multiple password prompts and requires two tries for successful authentication
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2024-04-23
|
1751201
|
|
Add a log line to the FinishNPNSetup Function
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-03-25
|
1752722
|
|
Manual per-site certificate authority pinning
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-10-11
|
1780774
|
|
error: PR_END_OF_FILE_ERROR with a firewall blocking local page
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2023-03-10
|
1782680
|
|
Certificate Manager/Authentication Decisions: Delete... button has ellipsis even if it does not open a dialog
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2024-02-27
|
1782683
|
|
Preferences/Certificate Manager/Authentication Decisions : no sorting supported
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-08-02
|
1806812
|
|
Certificate Manager/Authentication Decisions: needs bulk delete
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2022-12-21
|
1844963
|
|
Setting security.nocertdb to true disables all installed add-ons and prevents new add-ons from being installed
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2023-10-05
|
1845855
|
|
hook up client authentication when neqo supports it
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2023-07-28
|
1847378
|
|
no way to list preloaded intermediate CA certificates
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2023-08-08
|
1892392
|
|
table headers switched in Certificate Manager / Servers
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2024-05-23
|
1892504
|
|
CertViewer does not display multiple policy qualifiers
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2024-04-23
|
1901994
|
|
Firefox unable to parse two OIDs in certificate subject DN
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2024-06-12
|
1861351
|
|
"Do not send client certificate" in the authentication decisions panel are not removed
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2023-11-08
|
1899986
|
|
Firefox seems to freeze when loading PKCS#11 device driver
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2024-05-31
|
1900136
|
|
Logging into sites that require PIV fail with A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an unrecoverable error has occurred.
|
Core
|
Security: PSM
|
nobody
|
UNCO
|
---
|
2024-05-31
|
1565282
|
|
Empty unnecessary fields in IntermediatePreloading data
|
Core
|
Security: PSM
|
dkeeler
|
NEW
|
---
|
2022-10-11
|
1729538
|
|
test failure in security/manager/ssl/tests/unit/test_oskeystore.js on apple silicon
|
Core
|
Security: PSM
|
dkeeler
|
NEW
|
---
|
2021-10-08
|
1842872
|
|
stop caching intermediate certificates
|
Core
|
Security: PSM
|
dkeeler
|
NEW
|
---
|
2024-01-24
|
1905453
|
|
gather telemetry on third-party PKCS#11 module prevalence
|
Core
|
Security: PSM
|
dkeeler
|
NEW
|
---
|
Fri 15:58
|
1901768
|
|
Upgrade Firefox 129 to use NSS 3.102
|
Core
|
Security: PSM
|
jschanck
|
NEW
|
---
|
Fri 11:37
|
1141544
|
|
Intermittent test_oob_cert_auth.js | xpcshell return code: 0 | :0: error: 127.0.0.1:49413 uses an invalid security certificate.
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1317792
|
|
modify the DataStorage eviction strategy to take into account eTLD+1 or similar
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1370516
|
|
NSS should be initialized off main thread
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
1396030
|
|
Load PKCS#11 modules in isolated processes
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-30
|
1409910
|
|
browser_certViewer.js fails intermittently under test-verify
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1410251
|
|
Emit a warning to the console when we encounter an invalid stapled OCSP response
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1415311
|
|
Make OCSP responses available to the certificate error page.
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-09-05
|
1415312
|
|
Make CT SCTs available to the certificate error page.
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-05-09
|
1431850
|
|
simplify how nsCertTree chooses which certificates to display
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1441548
|
|
Make CERT_VALIDATION_SUCCESS_BY_CA release telemetry available for consumption
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1449668
|
|
add a specific error code for when we run out of budget searching for a path in mozilla::pkix
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1541212
|
|
restrict nsICertStorage.getRevocationState to non-main-threads only
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1548956
|
|
make test_cert_storage_preexisting.js work on 32-bit platforms
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1554939
|
|
Leverage Uptake Telemetry for errors in Remote Settings "sync" event handlers
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1566558
|
|
be more careful about integer type sizes in nsSiteSecurityService
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2020-05-18
|
1573607
|
|
Collect telemetry when SSLKEYLOGFILE is in use
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-12
|
1606696
|
|
Enable CRLite telemetry-mode on mobile in Nightly
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-10-03
|
1609449
|
|
nsCryptoHash should use a hashing API that indicates success/failure
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2020-05-18
|
1610136
|
|
Avoid blocking shutdown to persist DataStorage values
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-06-23
|
1619468
|
|
load of value 999, which is not a valid value for type 'SecurityPropertyState' in src/security/manager/ssl/nsSiteSecurityService.cpp:98
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2020-05-18
|
1632292
|
|
Disable DSA for all TLS operations
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2020-05-05
|
1651193
|
|
Update PSM and NSS telemetry probes for Fenix
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
1665788
|
|
nsIX509CertDB.getCerts should be asynchronous
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2020-09-17
|
1677157
|
|
Enable CRLite on Android
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-22
|
1809477
|
|
many security/manager/ssl/tests/unit xpcshell tests time out when run from an msix package
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-01-25
|
1825720
|
|
The IntermediatePreloadingHealer timer runs every 5 minutes even when there is no other activity
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-04-14
|
1548030
|
|
Flip the preference to enable CRLite
|
Core
|
Security: PSM
|
jschanck
|
NEW
|
---
|
2022-10-11
|
1796190
|
|
Optimize RemoteSecuritySettings attachment caching
|
Core
|
Security: PSM
|
jschanck
|
NEW
|
---
|
2022-10-19
|
1797589
|
|
Expired CRLite files should be deleted
|
Core
|
Security: PSM
|
jschanck
|
NEW
|
---
|
2022-10-26
|
1874959
|
|
[meta] Xyber768 experiment
|
Core
|
Security: PSM
|
jschanck
|
NEW
|
---
|
2024-06-12
|
396441
|
|
Improve SSL client-authentication UI
|
Core
|
Security: PSM
|
kaie
|
NEW
|
---
|
2022-07-25
|
91497
|
|
Rephrase SSL Client Certificate selection dialog
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
100989
|
|
sort SSL client auth cert selection list based on expired/revoked state
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-01-17
|
101611
|
|
Web sites can easily spoof the Master Password dialog
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-17
|
135403
|
|
Add "None" button for client authentication, change cancel to cancel connection
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
188338
|
|
Import failures don't result in an error message alert on the "People" and "Authorities" tab of the Certificate manager
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
230301
|
|
No error message when PSM can't import a cert
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
264096
|
|
check if NSS is initialized before calling NSS functions
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
302238
|
|
When incorrect master password is entered, password manager should say so in master password dialog
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-08-20
|
322438
|
|
if a server requested a client certificate and none is available, the user should be informed of this somehow
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
336629
|
|
no error feedback if the PK11_InitPin call in nsPK11Token::InitPassword fails (e.g. a weak password in FIPS mode)
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
337785
|
|
Importing CA chain: Can't import new intermediate if root is already present
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
360594
|
|
Explore use cases behind certificate management, improve usability of the interface
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
399643
|
|
Introduce a separate tab in cert manager for intermediate certs
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
399914
|
|
Bad cert exception creation dialog should warn of existing exceptions
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
407128
|
|
PKCS#11: CKF_PROTECTED_AUTHENTICATION_PATH login not abortable
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
419069
|
|
SSL client authentication with no installed certificate gives a bad error message
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
445098
|
|
Show a more specific error message than "ssl_error_rx_record_too_long" when we get an HTTP response
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
448917
|
|
User Identification Request box does not move focus to the tab it is launched from
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
454782
|
|
deleted certificates reappear in the certificate manager before restarting Firefox
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-06-24
|
470926
|
|
Implement more stringent EV certificate checks in PSM
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
487394
|
|
investigate setting NSS_DISABLE_ARENA_FREE_LIST so that NSS doesn't hold on to memory it's not using
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
545606
|
|
Need to distinguish "Exception already exists" from "Valid Certificate"
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
570421
|
|
[meta] Meta bug for master password issues
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-02-27
|
593066
|
|
firefox should potentially clear remembered client authentication decisions upon (some) handshake failures
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-02-16
|
652002
|
|
Clear Recent History must clear OCSP cache when "Site Specific Settings" is checked
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
652003
|
|
Clear Recent History must clear intermediate certs cached during the given time period
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
669970
|
|
remove the "Get Certificate" button from the certificate exception dialog
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
674483
|
|
Master password dialog is not related/linked with browser window causing it to open above other windows
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-11-16
|
676972
|
|
[TRACKING] Important PSM xpcshell tests are disabled on Android
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
698243
|
|
nsNSSSocketInfo and nsSSLStatus are succeptable to race conditions
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
698252
|
|
add tests to ensure that OCSP requests can't ever be affected by spdy/h2/alt-svc
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
711014
|
|
Defer SSL initialization so that it doesn't occur during startup (during nsNSSComponent::Init)
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
711015
|
|
Defer PKCS#12 (libsmime) initialization so that it doesn't occur during startup (during nsNSSComponent::Init)
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
711785
|
|
Use SSL_NO_LOCKS option to reduce locking overhead
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
734065
|
|
mochitests-5: SSL "mixedcontent" tests report "JavaScript error: https://example.com/tests/SimpleTest/SimpleTest.js, line 40: Permission denied to access property 'TestRunner'"
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
759592
|
|
When multiple SSL handshakes are made in parallel, we may be requesting the same OCSP responses multiple times, one for each connection
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
775698
|
|
[Tracking] Remove all synchronous (on the main thread) certificate validation and certificate database access
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-06-24
|
791792
|
|
HTTPS tests do not run on Android
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
797678
|
|
Remove all certificate error overrides for a host when we successfully verify a certificate for a host
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
803582
|
|
Usage of OCSP fetching makes Firefox slow
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-09-02
|
861311
|
|
limit false start when changing ALPN negotiated protocols
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
867478
|
|
Remove support for email certificates from Gecko
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-06-24
|
883674
|
|
RFC5746 renegotiation extension warnings are sent to the error console instead of the web console
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
908125
|
|
Reject BR EE certificates with lifetimes / validity greater than the BRs allow
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
921127
|
|
In PSM don't provide EV treatment when cert includes wildcards in the alt-dns name and common name fields
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-07-27
|
926260
|
|
mozilla::pkix does not enforce name constraints on OCSP response signing certificates
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
926261
|
|
mozilla::pkix does not enforce certificate policy on OCSP response signing certificates
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
928456
|
|
make sure all applicable NSS functions are called between NSS init and shutdown
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
951319
|
|
Add EV variants of OCSP tests
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
953323
|
|
The add-a-CA UI should not allow enabling trust bits unrelated to the app
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
963797
|
|
SSL Client authentication failed with level three self assigned certificate no certificate is imported
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
968453
|
|
Add unit tests for x.509 extension parsing in mozilla::pkix's BackCert::Init
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
968556
|
|
Document internal design of mozilla::pkix
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
970196
|
|
Enforce that isCA bit and certSign/crlSign key usages are consistent in mozilla::pkix
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
970760
|
|
Certificate key usage is not enforced strictly when verifying server certificate
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
978831
|
|
Do not allow the server to change certificates during TLS renegotiation
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
980536
|
|
ocsp testing: include revocationReason
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
981060
|
|
don't clear the OCSP cache when security preferences change if we don't have to
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
985025
|
|
mozilla::pkix: do not accept the presence of pathLenConstraint in EE basic constraints extensions
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
987738
|
|
Avoid main-thread IO for {profile}\cert_override.txt
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-11-21
|
989051
|
|
mozilla::pkix does not process the id-ce-inhibitAnyPolicy extension correctly.
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
989518
|
|
mozilla::pkix: do not accept improper encodings of basicConstraints:cA
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
991921
|
|
EV treatment should not be given when end-entity cert is signed directly by the root cert
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
993038
|
|
persistently cache OCSP responses (so they survive across restarts)
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
994981
|
|
certificate override manager has multiple usability issues with certificates that could act as CAs
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
997994
|
|
mozilla::pkix: don't allow empty Extensions in OCSP responses
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1004350
|
|
Pin all the things
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-05-23
|
1009101
|
|
bugs that need to be fixed for mozilla::pkix to be used in NSS
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
1009102
|
|
CA compatibility issues that affect mozilla::pkix
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1009110
|
|
(mozilla::pkix-CAs) For intermediate certs, don't accept OCSP responses that are more than 10 days old
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1012902
|
|
add more xpcshell unit tests for the pinning implementation
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1028368
|
|
Add unit tests for GetOCSPAuthorityInfoAccessLocation in NSSCertDBTrustDomain.cpp
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1028781
|
|
PKCS#12 import probably doesn't work so well after we removed all the configuration for CERT_VerfiyCert since it uses CERT_VerifyCert
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
1029832
|
|
[tracking] security ui papercuts
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1035493
|
|
remove the "Add Exception" button from the Server tab of the certificate manager
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1048977
|
|
Add telemetry to measure OCSP failures
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1050451
|
|
mozilla::pkix::VerifyEncodedOCSPResponse doesn't return validity period of the signer cert
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1059392
|
|
Switch default pinning enforcement level to strict
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1075167
|
|
Report original error when failing on a TLS downgrade alert (SCSV)
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1077192
|
|
mozilla::pkix: more testing of signature algorithms
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1083446
|
|
Add Tests for CT Precertificate Signing Certificates
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1089906
|
|
the histogram data from SSL_VERSION_FALLBACK_INAPPROPRIATE indicates we're encountering an error we're not handling in tlsIntoleranceTelemetryBucket
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1092243
|
|
adding a certificate exception via the certificate manager makes it look like it's possible to do so for HSTS sites
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-03-02
|
1093305
|
|
only accept critical id-pkix-ocsp-nocheck extension in certificates being verified in an OCSP context
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1107794
|
|
Investigate/Fix LD_LIBRARY_PATH GreBinD issue in head_psm.js
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1116976
|
|
uncaught exceptions can leave the certificate exception dialog box in an unusable state
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1121695
|
|
Incorrect SSL error message when DNS name entry is equal to an IP address
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1122775
|
|
differentiate errors resulting from online OCSP and stapled OCSP
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1123805
|
|
mozilla::pkix's BuildCertChain doesn't fully validate the key of the passed-in certificate, because NSSCheckPublicKey doesn't
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1130653
|
|
Add telemetry for signature algorithm usage during certificate verification
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1130753
|
|
Pass more details of the public key to the TrustDomain
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1133562
|
|
Add telemetry for mapping KeyUsage to TLS key exchange algorithm
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1134456
|
|
Add GTests for RSA public key size checking and Elliptic Curve checking
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1135525
|
|
certificate manager: managing trust opens many dialogs
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1137484
|
|
Show Untrusted Connection Error when cert in chain uses less than RSA 2048 signatures
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1139039
|
|
investigate where underscores should be allowed in mozilla::pkix name matching after bug 1136616
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-02-27
|
1144902
|
|
add name constraint tests for RFC822Names and emailAddress AVAs in subject DNs
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1155767
|
|
verify that if an AVA is a PrintableString it consists only of characters valid for PrintableStrings
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1172495
|
|
Update nsNSSComponent and Telemetry to handle new OCSP options
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1184059
|
|
compatibility issues with domain labels beginning or ending with hyphens
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-04-08
|
1185626
|
|
better handle CERT_FindCertByIssuerAndSN failing in PSM
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-10-04
|
1202112
|
|
A top-level includeSubdomains directive does not enforce STS for subdomains if there is an intermediate superdomain without the includeSubdomains directive
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1212393
|
|
Intermittent test_validity.js | xpcshell return code: 0 | Should have 0 remaining expected OCSP responses - 1 == 0
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-05-22
|
1221033
|
|
Make expiry non-overrideable for short-lived certificates
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1225288
|
|
when building the pinning preload list, don't allow built-in roots that aren't trusted for TLS
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1227520
|
|
Establish deprecation date for RSA key exchange
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1227522
|
|
Establish deprecation date for CBC cipher suits
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-06-19
|
1230312
|
|
track fixing platform leaks of NSS resources
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
1242827
|
|
Intermittent test_ocsp_stapling_expired.js | Test timed out
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1249002
|
|
Add the ability to prevent certain certificates from being added to the CertBlocklist
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-06-30
|
1252721
|
|
Use Assert.jsm numeric comparison functions in PSM tests
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
1256071
|
|
disallow string types other than PrintableString and UTF8String in certificate distinguished names as per RFC 5280 section 4.1.2.4
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1256073
|
|
disallow matching UTF8String with PrintableString in distinguished name comparisons as per RFC 5280 section 4.2.1.10
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1259320
|
|
Remove -wd4456 and -wd4458 from security/**/moz.build
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1266946
|
|
Intermittent test_ocsp_stapling.js | xpcshell return code: 0 | - Actual and expected connection result should match - 2153394070 == 0
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1267861
|
|
investigate deleting certificates immediately rather than upon destruction
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1271618
|
|
PSM UI indicators for when a PKCS#11 token PIN is blocked, etc.
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-06-06
|
1281469
|
|
Implement Certificate Transparency support (RFC 6962)
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-06-11
|
1287300
|
|
Add performance telemetry for TLS 1.3
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1294897
|
|
track implementing and using js certificate decoder
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1295698
|
|
Tool/Script to check that the CA Community in Salesforce data is in sync with the NSS root store and ExtendedValidation.cpp
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1303098
|
|
Sudden and prolonged change in distribution of DATA_STORAGE_ENTRIES probe on Nightly 20160910
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1303100
|
|
Add alert_emails field for Telemetry probe DATA_STORAGE_ENTRIES and other, related probes
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1303414
|
|
increase preloaded information lifetimes
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1303415
|
|
develop tool to increase visibility on when preloaded security information will expire in versions that have shipped/will ship
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1306361
|
|
Clean up redundant security/manager/pki JS code.
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
1307620
|
|
update AccumulateECCCurve to handle all enabled named groups
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1309221
|
|
Intermittent security/manager/ssl/tests/unit/test_ocsp_caching.js | - Actual and expected connection result should match - 2153394070 == 0
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1310840
|
|
Intermittent test_ocsp_no_hsts_upgrade.js | - Actual and expected connection result should match - 2153394070 == 0
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1311377
|
|
[Tracking] SSL_ERROR_UNRECOGNIZED_NAME_ALERT related OCSP test intermittent failures
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1311753
|
|
audit PSM initialization for silent failures that may result in an unusable session
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1316070
|
|
improve RememberCertErrorsTable API and related machinery
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1316076
|
|
add_connection_test should modify "network.dns.localDomains" rather than clobbering it entirely
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1316293
|
|
pkcs11testmodule.cpp should ensure tokenPresent doesn't change in between calls to Test_C_GetSlotList()
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1317245
|
|
Require id-kp-serverAuth for all TLS end-entity certificates
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1321608
|
|
add more test coverage for nsIX509Cert.displayName (see bug 857627)
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1323141
|
|
tryLater OCSP response causes hard failure when stapled
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1330968
|
|
Make OneCRL name comparisons encoding agnostic
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1332734
|
|
ensure that the certificates for PSM xpcshell tests that verify certificates at a particular time are always valid for that time
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1338873
|
|
Revert const changes from bug 1335294 when practicable
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1341528
|
|
importCertsFromFile should return an array of certs
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1343806
|
|
Drop the flags parameters from nsISiteSecurityService functions and make the origin attributes parameters mandatory.
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1344164
|
|
Test that HSTS and HPKP preload works correctly under origin attributes isolation.
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-03-02
|
1346861
|
|
Automatically regenerate CA RootHashes.inc
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1347872
|
|
nsISecretDecoderRing should have methods that handle binary as ArrayBuffers instead of JS strings
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1352263
|
|
add telemetry for how often certificates with an EV OID fail to validate as EV
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1355903
|
|
Re-enable Certificate Transparency telemetry collection
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-06-11
|
1359647
|
|
add telemetry for how frequently users have non-default trust anchors
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1360615
|
|
make it harder to do the wrong thing with CTLogOperatorInfo.id
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1361118
|
|
Constrain intermediates of the Firefox PKI to specific functions
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1361177
|
|
add more comprehensive certificate transparency integration tests
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-15
|
1361759
|
|
Enable MSVC -Wall for security/manager/ssl/
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1366582
|
|
Remove "Enable FIPS" button
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
1367507
|
|
security.OCSP.require doesn't work when fetching OCSP only for EV
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1368104
|
|
Use [infallible] more in PSM IDL files
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1370834
|
|
Initializing NSS requires too much IO
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
1372418
|
|
initializing EC keys for certificate transparency can fail if the profile is in FIPS mode (and maybe the sql db?)
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1383279
|
|
Don't enter FIPS Mode unless NSS is more likely FIPS-compliant
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
1387855
|
|
getHSTSPreloadList.js only adds but never removes domains
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-03-02
|
1391062
|
|
don't offer to unload the NSS softoken or builtin roots module in the PKCS#11 device manager ("security devices")
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
1416332
|
|
modifying psm xpcshell test certificates breaks local tests
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1425832
|
|
Using Services.prompt from pippki.js breaks browser_loadPKCS11Module_ui - should use PromptTestUtils
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-01-26
|
1427717
|
|
Certificate Manager & related dialogs need tests
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1429800
|
|
[meta] Implement a CRLite based revocation mechanism
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-06-07
|
1443554
|
|
show an error message when importing a certificate in the certificate manager fails
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1446382
|
|
Remove "tree" from the certificate manager
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1446385
|
|
Remove "tree" from the device manager
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1446645
|
|
nsISecretDecoderRing.logoutAndTeardown() should probably only terminate client-cert-authenticated connections
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1447011
|
|
Permit setting HSTS entries only on the host name or the eTLD+1
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-03-02
|
1447363
|
|
figure out why NSS resources leak at shutdown on android
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
1448687
|
|
certificate linter: warn if the server certificate has invalid DNSNames/IPAddresses etc.
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1463865
|
|
[meta] Support OS-level secret-keeping
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-03-21
|
1468223
|
|
[meta] No More Dialogs from C++
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2021-07-13
|
1468226
|
|
No More Dialogs from nsIX509CertDB
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1468227
|
|
No More Dialogs from ClientAuthDataRunnable (nsNSSIOLayer.cpp)
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1468228
|
|
No More Dialogs from PKCS#11 module pin unlock
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1468229
|
|
No More Dialogs from Setting PKCS#11 module pin
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1476864
|
|
nsPK11Token is main-thread only
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1477365
|
|
figure out some way to test the enterprise roots feature on OS X
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1478921
|
|
Implement OS key-store adapter for Android
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-02-17
|
1484751
|
|
[meta] IPC PSM API for network process isolation
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1487282
|
|
Expunge some TLS-related prefs
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1490935
|
|
Security Devices list in Preferences shows 'Manufacturer', 'HW Version' and 'FW Version' rows twice in grid
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1494478
|
|
[meta] Add an API to re-authenticate the user with the operating system (OS)
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-11-02
|
1510003
|
|
No visible failure report when importing PKCS12 cert into People tab in Certificate manager
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1513069
|
|
[meta] enterprise roots
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-08-15
|
1535662
|
|
[meta] intermediate preloading tracking bug
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-02-27
|
1540639
|
|
separate built-in roots from user-added or cached certificates in the certificate manager
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1540642
|
|
Verifying multiple signatures for the same x5u is not efficient
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1540645
|
|
Add Web IDL constructor for signature verifier
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1542028
|
|
add a getter for the raw bytes of something decoded by DER.jsm/X509.jsm
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1546675
|
|
Ship security settings JSON dumps on mobile?
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1555404
|
|
[meta] Support dynamic TLS cipher suites
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1557378
|
|
Investigate linking softokn/freebl/nss thingies directly into libxul or use readahead to make actual nss initialization cheaper
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
1557934
|
|
certificate manager misleads users into thinking they can delete built-in roots
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1558329
|
|
master password dialog pops up when watching full screen video
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2020-05-18
|
1562324
|
|
[meta] Use nsIOSKeystore for Passwords, Certificates, and Secrets
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-01-16
|
1562325
|
|
Design mechanism to share / backup / restore profile secrets kept via nsIOSKeystore
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-11-02
|
1562772
|
|
Show users that a Delegated Credential is in-use
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1566191
|
|
[meta] track not decoding certificate information in the content process(es)
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-01-04
|
1585462
|
|
remove CERT_FindUserCertsByUsage from nss.symbols
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1586794
|
|
Turn on HTTP3 tests on all platforms
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-01-25
|
1591269
|
|
[meta] osclientcerts tracking bug
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-02-27
|
1591567
|
|
the certificate manager should find certificates asynchronously
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2020-05-18
|
1599593
|
|
Ensure browser_certViewer.js can run with --verify and investigate related intermittent failures.
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1600449
|
|
Log a warning message when a site uses RSA-PKCS1-SHA1 signature scheme
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1601787
|
|
disable "delete" and "backup" buttons in certificate manager for client certificates that are not on the softoken
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-05-24
|
1639914
|
|
SEC_ERROR_OCSP_SERVER_ERROR with most https websites when security.OCSP.require is set to true and a https .pac file is used
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2020-06-28
|
1640038
|
|
Signature verifier throws NS_ERROR_ILLEGAL_VALUE if signature length is even
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1643748
|
|
return xpcom-ified NSS error codes from constructX509*
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
1664048
|
|
[meta] track avoiding NSS types in PSM
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-04-24
|
1679954
|
|
Use nsIX509CertDB.asyncGetCerts instead of blocking the main thread
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-11-29
|
1680819
|
|
enable intermediate preloading on focus
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-22
|
1689728
|
|
[tracking] use NSS only on the socket thread
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
1691027
|
|
asyncHasThirdPartyRoots can cause authentication dialogs to appear at startup (from DoHHeuristics.jsm)
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-14
|
1697849
|
|
Make nsPK11Token's APIs run asynchronously in the socket thread
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1705732
|
|
Incorrect tags are used when decoding issuerUniqueID and subjectUniqueID in X509.jsm
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2021-04-19
|
1708397
|
|
Measure size of data received during TLS handshake
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2021-06-10
|
1715443
|
|
pycert.py constructs certificate lifespans without accounting for RFC 5280 validity period inclusivity
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-11-10
|
1718303
|
|
Use NSS only on socket thread in nsNSSCertificate
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
1718304
|
|
Use NSS only on socket thread in nsNSSComponent
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
1718305
|
|
Use NSS only on socket thread in nsNSSCertificateDB::ImportCertsIntoTempStorage/ImportCertsIntoPermanentStorage
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
1718306
|
|
Use NSS only on socket thread in nsNSSCertificateDB::DeleteCertificate
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
1718307
|
|
Use NSS only on socket thread in nsNSSCertificateDB::SetCertTrust
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
1718308
|
|
Use NSS only on socket thread in nsNSSCertificateDB::AddCert
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
1729554
|
|
8 autofill test failures skipped on apple silicon
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-04-23
|
1729923
|
|
Shutdown crash in "NSS_Shutdown failed" after profiling a remote firefox
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
1746467
|
|
update pinning metadata automation to be a bit more robust
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1769288
|
|
Add telemetry measuring time spent initializing NSS
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1772152
|
|
Ignore PKCS#7 Signatures on Addons when they aren't required.
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-03-15
|
1774065
|
|
Automate removing entries for expired certificates from OneCRL
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1778337
|
|
Stored credit card number and associated data not filled in despite being offered to autofill
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-06-04
|
1779651
|
|
use SmallVec<[u8; 17]> to store stash serials in cert_storage
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-11-29
|
1800852
|
|
nsINSSComponent.ClearSSLExternalAndInternalSessionCache is racy with socket process
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-04-23
|
1815770
|
|
Automate generation of certificates for test_signed_apps.js
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-02-08
|
1816878
|
|
Add Prefs for Client Hello Permutation and GREASE
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-08-28
|
1819954
|
|
[meta] Ensure HSTS works properly
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-05-28
|
1834770
|
|
Startup Crash in [@ InitializeNSSWithFallbacks]
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-01-28
|
1840056
|
|
Update python rsa package in third_party/python/rsa
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-04-23
|
1846723
|
|
SecretDecoderRing (SDR) should use AES
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-04-23
|
1849161
|
|
kod.ldora.cn - Firefox blocks sites after remembering the mTLS certificate setup
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-09-21
|
1869269
|
|
Migrate TLS Telemetry to GLEAN
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-05-13
|
1869537
|
|
The certificate manager dialog is also resized after resizing the certificate manager table column many times
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-04-23
|
1873972
|
|
[meta] tracking TLS error page reduction work
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-01-10
|
1874165
|
|
Primary password prompt appears when visiting ipv6-test.com or zomato.com despite no saved logins
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-02-06
|
1880245
|
|
Unreported heap-unclassified memory for cert_storage::SecurityState::load_crlite_filter
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-02-28
|
1880709
|
|
Remove Firefox Prefs for deprecated TLS Versions (1.0, 1.1).
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-02-26
|
1895259
|
|
Crash in [@ shutdownhang | alloc::raw_vec::RawVec<T>::current_memory]
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-06-10
|
1896181
|
|
Incorrect Handling of Key Usage Extension in SSL Certificates by Firefox
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-05-10
|
1896997
|
|
Limit the size of secrets stored in OSKeyStore
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-05-21
|
1527745
|
|
Implement OS re-authentication on Linux (Gnome Keyring)
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-06-24
|
1736612
|
|
Provide infra which allows to query Cert Revocation Info within a given httpChannel
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-02-18
|
1774485
|
|
Intermittent security/manager/ssl/tests/unit/test_cert_overrides.js | - Actual and expected connection result should match - 2152398868 == 2153394164 after xpcshell return code: 0
|
Core
|
Security: PSM
|
dkeeler
|
NEW
|
---
|
2022-08-02
|
1585916
|
|
Intermittent security/manager/ssl/tests/unit/test_session_resumption.js | xpcshell return code: 0 | Actual and expected base path should match - "" == "ev-test"/"ev-test-intermediate"
|
Core
|
Security: PSM
|
dothayer
|
NEW
|
---
|
2022-10-11
|
1673969
|
|
Exempt non mozilla root certificates from OCSP stapling time limits (or relax these limits).
|
Core
|
Security: PSM
|
emilio
|
NEW
|
---
|
2024-04-23
|
1735832
|
|
Certificate Manager: Allow viewing the validity of an end entity certificate
|
Core
|
Security: PSM
|
kaie
|
NEW
|
---
|
Mon 11:02
|
82903
|
|
[CertMgr] selecting multiple certs behavior needs polish
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
106604
|
|
Disable all non-FIPS ciphersuites while in FIPS mode
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2021-10-27
|
129301
|
|
Better support for Certs from multiple sources.
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
166198
|
|
add certificate exception dialog uses web-specific terminology
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
236461
|
|
Problems importing a PKCS #7 certificate set in Mozilla
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
263212
|
|
NSS build fails when passed directories containing =
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
269022
|
|
Edit CA trust dialog shows the name of certain certs to be the empty string
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
353979
|
|
PSM smart card password prompt is unclear
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
357595
|
|
Importing non-email certificates into the "people" tab succeeds with no apparent result
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
401956
|
|
improve how certificate error exceptions are displayed in the certificate manager
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
419887
|
|
PSM should use scoped/unique data types for buffers (rather than raw char*, etc.)
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
435013
|
|
Cert error "sec_error_reused_issuer_and_serial" (e.g. for Linksys devices) cannot be overridden
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-07-10
|
437690
|
|
PSM should call PK11_UnconfigurePKCS11 to avoid leak of strings
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
446335
|
|
Add button to restore default root certificates
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
459835
|
|
nsICryptoHash.updateFromStream doesn't like an zero length stream
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
459971
|
|
Find a way to simulate Protected-Auth in Firefox, without hardware/software
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
460987
|
|
Deleting user's cert also deletes corresponding private key
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
471150
|
|
Installation of Personal Certificate Should Suggest Setting a Master Password
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
488485
|
|
"CA Certificate already installed" prompt should have option to edit trust settings
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
511652
|
|
Add a GUI option to toggle the "Friendly certs" option of NSS
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-18
|
533442
|
|
Wrong and confusing description for Certification Authorities in the CA trust editing dialog
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
552555
|
|
some nsIX509CertDB methods don't take a ctx for window parenting
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
560922
|
|
Store certificates along with history
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
643900
|
|
Enabling HSTS for a site doesn't force safe renegotiation to be required for the site
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-03-02
|
644020
|
|
Client cert dialog should indicate whether cert will be sent in the clear or encrypted
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
645389
|
|
indicate which server failed when encountering sec_error_ocsp_server_error errors
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
648431
|
|
Do not read NSS secmod.db at startup unless the user actually customized his set of security modules
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
657591
|
|
When using custom PKCS11 module, certificates on a smart card that have empty CKA_LABEL value are not shown in personal certificates list and are not usable.
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
665859
|
|
Change default of security.ssl.treat_unsafe_negotiation_as_broken to true
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
672293
|
|
Certificate Manager doesn't sort certificates correctly (problem with non-ascii chars)
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
673706
|
|
Review uses of PK11_GenerateRandom on performance-critical threads (main thread, socket thread) to see if it blocks too long (e.g. by doing disk I/O)
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
698984
|
|
There is no testing for correct display/calculation of EV (extended validation) status
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
706955
|
|
Cleanup cert verification thread pool initiation and shutdown after bug 674147 landing
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-02-27
|
719298
|
|
Stop exposing NSS certificate validation APIs from NSS when MOZ_FOLD_LIBS is set
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-12-11
|
733716
|
|
Improve Certificate Manager, show explicit trust, work better with distrusted certificates
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-04-26
|
812598
|
|
Entire SSL session cache is cleared when closing last private browsing window
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
934699
|
|
nsProtectedAuthThread: inconsistent treatment of mSlot
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
951437
|
|
hsts preload list: make error reporting more clear when we're keeping a site on the list that we can't connect to
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-03-02
|
979055
|
|
figure out an efficient way to parametrize OCSP response properties in tests
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
989833
|
|
Double-check calls to der::Nested()/der::End() in mozilla::pkix
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
1024781
|
|
when creating a domain mismatch error string, check that the subject alt name dNSName entries are valid names
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1031093
|
|
Stop accepting explicit encoding of "version 1" in OCSP responses
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1048037
|
|
Add assertions for mozilla::pkix::Input and mozilla::pkix::Reader invariants
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
1057109
|
|
Improve definition of MOZILLA_PKIX_ARRAY_LENGTH
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1089430
|
|
mozilla::pkix doesn't verify that an IPAddress name constraint is a valid subnet mask
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
1114787
|
|
Implement CheckRFC822Name (S/MIME email address checking)
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
1116625
|
|
poor interaction between "never remember history" and permanently saving certificate exceptions
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1121985
|
|
Add telemetry to measure name constraints violations
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1129077
|
|
Remove support for certificates that use the P-521 curve
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1129540
|
|
mozilla::pkix should provide a parser for the Authority Information Access (AIA) certificate construct
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1136338
|
|
CertManager: Make it less tedious to Delete/Distrust large numbers of entries
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1165987
|
|
use mozilla::pkix to extract data when gathering telemetry in SSLServerCertVerification.cpp
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1168603
|
|
hpkp implementation conflates user-installed CAs with pinning override
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1191998
|
|
nsISSLStatusProvider.SSLStatus.serverCert should contain the list of subject alternative names
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1244559
|
|
Intermittent e10s test_unsecureIframe2.html | application timed out after 330 seconds with no output
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1247326
|
|
PSM should check channelInfo.length on return
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1250696
|
|
.onion names contain their own validator, we should use that
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1251230
|
|
Disable FIPS button seems to work intermittently
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1270969
|
|
remove dbKey usage from nsCertOverrideService.cpp
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1273747
|
|
Clean up nsNTLMAuthModule
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1281037
|
|
HSTS cache eviction heuristic is suboptimal
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-03-02
|
1303870
|
|
call SSL_ConfigServerSessionIDCache on-demand when TLSServerSocket is used
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1331861
|
|
SSSLog uses %ld to print int64_t
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1345454
|
|
[Regression] Description is not properly folded for some authorities in "Edit CA certificate trust settings", the height of the window is incorrect
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
1369747
|
|
Audit Telemetry Probe CERT_VALIDATION_SUCCESS_BY_CA
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1491941
|
|
display imported 3rd party roots in some fashion
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1512476
|
|
Add search to the Certificates Manager
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1521034
|
|
[Ubuntu] "Add security exception" window bottom options are not displayed if size is decreased
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1528738
|
|
RFE: ability to bypass HSTS errors for power-users (about RFC section 12.1, No User Recourse)
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-02-27
|
1569222
|
|
Change implementations of TLSServer.cpp to use new SSL_ConfigServerCert mechanism
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2021-07-13
|
1583544
|
|
Clicking "Cancel"/"Reset" button on `chrome://pippki/content/resetpassword.xul` closes firefox
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2020-05-18
|
1618382
|
|
Tor Browser: Disable self-signed certificate warnings when visiting .onion sites
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1625140
|
|
Add security exception dialog should not follow redirects
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-05-12
|
1653693
|
|
Switch to async document.l10n APIs in changepassword.js and resetpassword.js
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-11
|
1760019
|
|
Migrate pipnss.properties to Fluent
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-11-23
|
1812037
|
|
Allow decision to use enterprise roots per domain
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-01-27
|
1833337
|
|
MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING - please allow a bypass of the error
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-04-23
|
1850248
|
|
Sites with invalid ECH records receive uninformative errors
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-10-24
|
1878549
|
|
Importing certificates does not work in some situations
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-02-09
|
1892507
|
|
pkcs11.txt includes the absolute path of the profile directory
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-06-26
|
1893234
|
|
Certificate viewer incorrectly displays malformed subject key identifier extension
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-04-25
|
1902877
|
|
Intermittent security/manager/ssl/tests/mochitest/browser/browser_HSTS.js | single tracking bug
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-06-17
|
1680089
|
|
firefox should potentially clear remembered client authentication decisions upon signing failures
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2021-09-27
|
1824813
|
|
Remove fluent hacks from security/manager/pki/resources/content/exceptionDialog.js
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-03-27
|
1863768
|
|
Modify EV Processing of OCSP/CRL extensions
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2024-05-15
|
1816499
|
|
[meta] Integrate NSS releases into Firefox
|
Core
|
Security: PSM
|
ckerschb
|
ASSI
|
---
|
Thu 11:32
|
1899431
|
|
Use SSL_PeerCertificateChainDER
|
Core
|
Security: PSM
|
jschanck
|
ASSI
|
---
|
2024-05-28
|
458161
|
|
"Failed to restore the PKCS #12 file for unknown reason" is bad error message
|
Core
|
Security: PSM
|
eliotj12
|
ASSI
|
---
|
2024-01-21
|
1484464
|
|
expose security error codes (like bad certificate details) as named constants in nsINSSErrorsService
|
Core
|
Security: PSM
|
mkmelin+mozilla
|
ASSI
|
---
|
2022-07-25
|
1900619
|
|
Firefox should use modern algorithms in PKCS#12 files by default
|
Core
|
Security: PSM
|
kaie
|
ASSI
|
---
|
2024-06-04
|
445866
|
|
Master Password prompt dialog appearing in wrong place on screen
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2022-10-10
|
997106
|
|
follow same-origin redirects when testing HSTS preload list candidate hosts
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2023-03-02
|
1077954
|
|
the "Add Security Exception" dialog is not robust against unexpected input
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2022-10-10
|
1183716
|
|
Client SSL certificate dialog always checks "Remember this decision"
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2022-10-11
|
1229014
|
|
PSM UI (certificate manager, etc.) does a poor job handling certificates with serial numbers over 20 bytes
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2022-10-11
|
1429799
|
|
Modify BlocklistsClients to allow certificate preload and whitelist state to be stored in users' profiles
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2022-10-11
|
1441178
|
|
investigate "broken encryption" flag getting set when it shouldn't (or just remove it)
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2022-10-11
|
1500532
|
|
Please expose TLS session ticket lifetime in about:config
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2022-10-11
|
1699882
|
|
asynchronously search for client certificates
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2022-06-30
|
1722306
|
|
osclientcerts: RSA-PSS detection for macOS
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2022-11-29
|
1789458
|
|
Assertion failure: success (Transport Security Getters should not fail.), at security/manager/ssl/nsNSSIOLayer.cpp:1220
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2023-09-12
|
350612
|
|
client auth cert selection dialog should show URL requesting it
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2022-10-10
|
585352
|
|
Certificate Manager misleads users into thinking that they can distrust CAs and/or intermediates
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2022-10-17
|
1391703
|
|
Introduce common JSM for security/manager/tools/ scripts
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2022-06-13
|
1418451
|
|
Feature Request: Change how "Verified by:" value is obtained for SSL Certs in Firefox
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2021-07-13
|
1701658
|
|
Firefox crash when load a PKCS#11 Module which use std::regex_search
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2022-10-07
|
1839376
|
|
Intermittent security/manager/ssl/tests/unit/test_sss_sanitizeOnShutdown.js | single tracking bug
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2024-06-16
|
1850515
|
|
Intermittent security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js | single tracking bug
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
Mon 00:21
|
1855176
|
|
Intermittent security/manager/ssl/tests/mochitest/browser/browser_clientAuthRememberService.js | single tracking bug
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2024-06-23
|
1882929
|
|
Intermittent TEST-UNEXPECTED-TIMEOUT security/manager/ssl/tests/unit/test_oskeystore.js | single tracking bug
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2024-06-23
|
1893960
|
|
Intermittent [tier 2] security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html (finished) | single tracking bug
|
Core
|
Security: PSM
|
nobody
|
REOP
|
---
|
2024-06-16
|
1102632
|
|
Remove SSL_ERROR_UNSUPPORTED_VERSION from insecure-fallback-enabled error code list
|
Core
|
Security: PSM
|
VYV03354
|
REOP
|
---
|
2022-10-11
|