Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2015-08

Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension

Announced
January 13, 2015
Reporter
Brian Smith
Impact
Low
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 35
  • SeaMonkey 2.32

Description

Brian Smith reported that delegated Online Certificate Status Protocol (OCSP) responder certificates fail to recognize the id-pkix-ocsp-nocheck extension. If this extension is present in a delegated OCSP response signing certificate, it will be discarded if it is signed by such a certificate. This could result in a user connecting to a site with a revoked certificate.

References