Mozilla Foundation Security Advisory 2014-65

Certificate parsing broken by non-standard character encoding

Announced
July 22, 2014
Reporter
Christian Holler
Impact
Moderate
Products
Firefox, Thunderbird
Fixed in
  • Firefox 31
  • Thunderbird 31

Description

Mozilla security researcher Christian Holler discovered several issues while fuzzing the parsing of SSL certificates. Two of these issues were a result of using characters that are not UTF-8 in certificates when various functions expected all strings to be UTF-8 format. The third issue was a result of using characters that were not ASCII in certificates while a function expected only ASCII formatted text. All of these issues causes the certificates to be incorrectly parsed, leading to a potential inability to use valid SSL certificates.

References