Revoking Trust in DigiCert Sdn. Bhd Intermediate Certificate Authority

11.03.11 - 10:56am

Issue

Entrust, Inc., a certificate authority in Mozilla’s root program, has informed us that one of their subordinate CAs, the Malaysian company DigiCert Sdn. Bhd, has issued 22 certificates with weak keys. While there is no indication they were issued fraudulently, the weak keys have allowed the certificates to be compromised. Furthermore, certificates from this CA contain several technical issues. They lack an EKU extension specifying their intended usage and they have been issued without revocation information.

This is not a Firefox-specific issue. Nevertheless, given our concerns about the technical practices of this certificate authority, we intend to revoke trust in the DigiCert Sdn. Bhd. intermediate certificate authority.

DigiCert Sdn. Bhd is a Malaysian subordinate CA under Entrust and Verizon (GTE CyberTrust). It bears no affiliation whatsoever with the US-based corporation DigiCert, Inc., which is a member of Mozilla’s root program.

Impact

An attacker could use one of these weak certificates to impersonate the legitimate owners. This could deceive users into trusting websites or signed software appearing to originate from these owners, but actually containing malicious content or software. The certificates in question were issued to a mix of Malaysian government websites and internal systems. We do not believe other sites are at risk.

Status

Mozilla is revoking trust in all certificates issued by DigiCert Sdn. Bhd. and the update will be in Firefox 8 and Firefox 3.6.24. Entrust has issued their own statement on the subject.

Credit

The issue was reported to us by Entrust, Inc.

Note: A member of the Mozilla community has translated this blog post into Malay.

Category: Security | | 12 Comments »

Attack against TLS-protected communications

09.27.11 - 10:29am

UPDATE 10.18.11: Today, Oracle is releasing a patch update to Java SE to address this vulnerability.  We recommend that users update their Java plugin to ensure that they have the latest and most secure fixes.  Windows users on auto update should start seeing the updates as early as this week.  Users can also manually download the update here: http://java.com.  Apple distributes Java updates directly for OS X.  We will not be blocking vulnerable versions of Java at this time, though we will continue to monitor for incidents of this vulnerability being exploited in the wild.

Issue

Juliano Rizzo and Thai Duong recently presented a paper detailing an information stealing attack against TLS-protected communications.  The attack is not Firefox specific, and Firefox is not vulnerable in default configurations, however some plugins may be.

Impact to users

A successful application of this man-in-the-middle attack would allow an attacker to steal information from encrypted communications. This could include cookie data, which may allow the attacker to impersonate the victim.

Status

Firefox itself is not vulnerable to this attack. While Firefox does use TLS 1.0 (the version of TLS with this weakness), the technical details of the attack require the ability to completely control the content of connections originating in the browser which Firefox does not allow.

The attackers have, however, found weaknesses in Java plugins that permit this attack. We recommend that users disable Java from the Firefox Add-ons Manager as a precaution. We are currently evaluating the feasibility of disabling Java universally in Firefox installs and will update this post if we do so.

Credit

This bug was reported by Juliano Rizzo and Thai Duong.

Category: Security | | 6 Comments »

DigiNotar Removal Follow Up

09.02.11 - 06:28pm

Earlier this week we revoked our trust in the DigiNotar certificate authority from all Mozilla software. This is not a temporary suspension, it is a complete removal from our trusted root program. Complete revocation of trust is a decision we treat with careful consideration, and employ as a last resort.

Three central issues informed our decision:

1) Failure to notify. DigiNotar detected and revoked some of the fraudulent certificates 6 weeks ago without notifying Mozilla. This is particularly troubling since some of the certificates were issued for our own addons.mozilla.org domain.

2) The scope of the breach remains unknown. While we were initially informed by Google that a fraudulent *.google.com certificate had been issued, DigiNotar eventually confirmed that more than 200 certificates had been issued against more than 20 different domains. We now know that the attackers also issued certificates from another of DigiNotar’s intermediate certificates without proper logging. It is therefore impossible for us to know how many fraudulent certificates exist, or which sites are targeted.

3) The attack is not theoretical. We have received multiple reports of these certificates being used in the wild.

Mozilla has a strong history of working with CAs to address shared technical challenges, as well as responding to and containing breaches when they do arise. In an incident earlier this year we worked with Comodo to block a set of mis-issued certificates that were detected, contained, and reported to us immediately. In DigiNotar’s case, by contrast, we have no confidence that the problem had been contained. Furthermore, their failure to notify leaves us deeply concerned about our ability to protect our users from future breaches.

Staat der Nederlanden Certificates

DigiNotar issues certificates as part of the Dutch government’s PKIoverheid (PKIgovernment) program. These certificates are issued from a different DigiNotar-controlled intermediate, and chain up to the Dutch government CA (Staat der Nederlanden). The Dutch government’s Computer Emergency Response Team (GovCERT) indicated that these certificates are issued independently of DigiNotar’s other processes and that, in their assessment, these had not been compromised. The Dutch government therefore requested that we exempt these certificates from the removal of trust, which we agreed to do in our initial security update early this week.

The Dutch government has since audited DigiNotar’s performance and rescinded this assessment. We are now removing the exemption for these certificates, meaning that all DigiNotar certificates will be untrusted by Mozilla products. We understand that other browser vendors are making similar changes. We’re also working with our Dutch localizers and the Bits of Freedom group in the Netherlands to contact individual site operators using affected certificates (based on the EFF’s SSL Observatory data).

The integrity of the SSL system cannot be maintained in secrecy. Incidents like this one demonstrate the need for active, immediate and comprehensive communication between CAs and software vendors to keep our collective users safe online.

Johnathan Nightingale
Director of Firefox Engineering

Category: Announcements, Firefox, Security, Security Updates | | 70 Comments »

Fraudulent *.google.com Certificate

08.29.11 - 02:59pm

Update (Sept. 6, 2011 @10:37 a.m. PT):

New security updates for Firefox are now available.

Update (8.30.11 @ 11:25 p.m. PT)

Mozilla just released an update to Firefox for Desktop, Thunderbird and SeaMonkey. Updates are now available for:
•    Firefox for Windows, Mac and Linux (final release)
•    Firefox for Windows, Mac and Linux (3.6.21 final release)
•    Firefox Aurora for Windows, Mac and Linux
•    Firefox Nightly for Windows, Mac and Linux
•    SeaMonkey (2.3.2)
•    Thunderbird (6.0.1)

We strongly recommend that all users upgrade to these releases.

If you already have Firefox, you will receive an automated update notification within 24 to 48 hours. Users can also manually check for updates if they do not want to wait for the automatic update.

New versions of Firefox for Mobile (final release and Beta), Firefox Beta for Desktop and Thunderbird will be released shortly.

Issue

Mozilla was informed today about the issuance of at least one fraudulent SSL certificate for public websites belonging to Google, Inc. This is not a Firefox-specific issue, and the certificate has now been revoked by its issuer, DigiNotar. This should protect most users.

Impact to users

Users on a compromised network could be directed to sites using a fraudulent certificate and mistake them for the legitimate sites. This could deceive them into revealing personal information such as usernames and passwords. It may also deceive users into downloading malware if they believe it’s coming from a trusted site. We have received reports of these certificates being used in the wild.

Status

Because the extent of the mis-issuance is not clear, we are releasing new versions of Firefox for desktop (3.6.21, 6.0.1, 7, 8, and 9) and mobile (6.0.1, 7, 8, and 9), Thunderbird (3.1.13, and 6.0.1) and SeaMonkey (2.3.2) shortly that will revoke trust in the DigiNotar root and protect users from this attack. We encourage all users to keep their software up-to-date by regularly applying security updates. Users can also manually disable the DigiNotar root through the Firefox preferences.

Credit

This issue was reported to us by Google, Inc.

 

Johnathan Nightingale
Director of Firefox Development

 

Category: Security, Security Updates | | 65 Comments »

Evolving the Security Review and Discussion Process

07.29.11 - 09:07am

“The journey of a thousand miles begins with one step.” ~ Lao Tzu
“If you do what you’ve always done, you’ll get what you’ve always gotten.” ~ Anthony Robbins

We’ve been thinking about and working and retooling our security review process over the last few months with a set of goals in mind.

Review more items and review them early in the development process.
Pretty straight forward, find more features/bugs/ideas that need to be looked at. Schedule them and find stuff. The challenge here was getting much more plugged into the development process, especially for desktop Firefox which is where we started our focus. As things move along we are branching out into mobile, messaging, and other projects. We also want teams to come to us instead of us having to chase them.

Reviews need to be useful to all involved.
The core idea that security has to be add value, not just some time that people spend in a room talking about theory or speed bump on the ship lane. The outcome of meetings with security should be valuable and should focus on finding a path through, not stopping because we find a “problem”. When we had blockers we had to be clear about why it’s a blocker and what needs to be done. When it’s not a blocker it had to have a severity and the importance communicated clearly for future prioritization. And if the meeting was done early, it was done early. Time is a resource we cannot replace or replenish and it has to be used wisely. If we wanted to get the first goal this had to happen. And the format of the meeting had to be more firm.

Results of a review should be easy to find and available for review.
We want everyone interested in security and the security of our products to review our work, be critical in feedback and find ways to improve. That means publishing what we did, when we did it and what if any actions were to come from the meetings. We did just that, and you can find it here https://wiki.mozilla.org/Security/Reviews.

Meetings need to be practicable, open, and publicized.
With the previous goals in mind the meeting format changed to something like this:

  •  Introduce Feature (5-10 minutes) [can be answered ahead of time to save meeting time]
  •  Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
    •  What solutions/approaches were considered other than the proposed solution?
    •  Why was this solution chosen?
    •  Any security threats already considered in the design and why?
  • Threat Brainstorming (30-40 minutes)
  • Conclusions / Action Items (10-20 minutes)

We also created a public calendar so that anyone who was interested could join in and share their knowledge; available as HTMLand .ICS. Every meeting also contains the information on how to dial-in and interact during the meetings.

Results So Far

So far this has had some good outcomes, we found and proactively fixed items in both CSS Animations and Server Sent DOM Events as examples. As well as having a large number of very productive conversations early in the development process with many teams that will yields results as we continue to work with them. By changing our focus to one of early intervention and positive paths we are also building a stronger culture of security focus across the Mozilla culture.

Other Related Changes

We also added some keywords to Bugzilla and some new items to the feature pages to help track our work, identify things that may need to be looked at and and allow others to nominate items for our review. Since I wrote about these on my personal blog I won’t repeat them here.

Looking Forward

We’ve made what I think are very useful changes that allow us to be more “fleet of foot” with the new rapid release process. We’ve done it in a uniquely Mozilla way while still leveraging from best practices from many in the industry. And it’s a great starting  point for even more positive change. We strive to give our users the most secure browsing experience, with a product they can trust and that puts privacy and security at the forefront.

As we evolve the process we encourage you to get involved by joining in our meetings, the wiki and discussions, as we do I will continue to write about what we are doing and share our journey with you.

-curtis

Category: Musings, Security | Tags: , | 1 Comment »

WebGL graphics memory stealing issue

06.16.11 - 06:44pm

Issue

There is a specific security issue with the WebGL implementation in Firefox 4.

Impact to users

This issue allows attackers to capture screen shots of private or confidential information.

Status

Mozilla is aware of this bug and has issued a fix that will be released with the next version of Firefox, tentatively scheduled for June 21. This is a Firefox-specific implementation issue not a WebGL specification issue. In the interim, to protect themselves users can update to Firefox Beta or temporarily disable WebGL. To disable WebGL, in Firefox go to about:config and set webgl.disabled to true.

Credit

The bug was reported by Context.

Category: Security | | 8 Comments »

Economics of vulnerabilites roundtable

06.10.11 - 02:59pm

Mozilla recently had the opportunity to participate in a panel discussion regarding the economics of vulnerabilities and bug bounties at the Hack in the Box conference in Amsterdam. Out of that came some interesting insights about how various markets are monetizing vulnerabilities, and the resulting implications for vendors, users and pretty much everyone else. You can read the full post here.

Category: Conferences, Musings, Security | | Comments Off

Comodo Certificate Issue – Follow Up

03.25.11 - 08:39am

This is a follow-up to the previous Mozilla report about the fraudulent certificates issued by Comodo last week.

On 15th March 2011, a RA partner of the Comodo CA suffered an internal security breach (Comodo incident report). The attacker used the RA’s account with Comodo to cause 9 fraudulent certificates to be issued.

The domain names of the certificates were as follows:

  • addons.mozilla.org
  • login.live.com
  • mail.google.com
  • www.google.com
  • login.yahoo.com (x3)
  • login.skype.com
  • global trustee

These certificates were issued between 6 and 8pm on 15th March from the UTN-UserFirst-Hardware root, without the use of an intermediate certificate. The attack was discovered almost immediately by an internal Comodo check, and the certificates were revoked (via both CRL and OCSP). The compromised RA account has been suspended.

So far, according to Comodo, the only OCSP activity seen relating to these certificates has been two hits, one from the attacker’s IP and one from another very close by, plus hits from testing by Comodo and the notified companies. This suggests that the certificates have not been deployed in an attack, though it is possible that the attackers would block OCSP requests as well.

The IP address 212.95.136.18 appeared to be associated with the attack. According to Comodo, this IP address is an ADSL connection in Iran. From the OCSP traffic mentioned above, we think the attacker is aware that the certificates have been revoked.

Risk Analysis

Given the above, we do not believe that there has been a root key compromise. Nevertheless, an attacker armed with these fraudulent certificates and an ability to control their victim’s network could impersonate the sites in a way that would be undetectable to most users.

With particular regard to Mozilla, the certificate for ‘addons.mozilla.org’ would allow the attacker to imitate the addons.mozilla.org website, and potentially deceive users into downloading malicious software. However, they would not be able to interfere with automatic updates, either to Firefox or to addons. These mechanisms use different domain names, and updates to Firefox also do additional checks to match the certificate issuer to the expected value (which is not UTN-UserFirst-Hardware).

Mitigating Risk

On being informed of this issue by Comodo at 9.47pm GMT on 16th March, Mozilla considered a number of technical avenues. Although Comodo’s revocation is a significant mitigating step, we thought that additional measures made sense and eventually decided to hard-code a blacklist of the certificate serial numbers into Firefox. We therefore produced RC2 of Firefox 4 (released as Firefox 4 final on 22nd March), with two additional code patches (1, 2). These patches disable these specific certificates, plus one additional certificate issued to us by Comodo for testing, making a total of 10. These fixes were also included in updates to Firefox 3.5 and 3.6, also released on 22nd March. As soon as all the patched versions were released, we made a release announcement with some details of the problem.

Mozilla did not publish the information we received prior to shipping a patch. In early discussions, we were concerned that any indication that we knew about the attack would lead to attackers blocking our security updates as well. We also recognized that the obvious mitigation advice we might offer (to change Firefox’s security preferences to require a valid OCSP response in all cases, or to remove trust from Comodo’s certificates, or both) risked causing a significant portion of the legitimate web to break as well.

Additionally, neither we nor Comodo have found any evidence of access to their OCSP responder being blocked, either in Iran or anywhere else. We have also found no evidence of any other sort of attack.

In hindsight, while it was made in good faith, this was the wrong decision. We should have informed web users more quickly about the threat and the potential mitigations as well as their side-effects.

Mozilla has requested that Comodo do the following:

  1. Publish a full account of exactly what happened. (So far: they have published an incident report and a blog post.)
  2. Monitor their OCSP logs for evidence of use of these certificates, or evidence that access to their OCSP responders is being blocked from any geographical locations. (So far: no sign of use or blocking.)
  3. Cancel all relationship with the RA concerned. (So far: the RA is suspended.)
  4. Change their practices to use intermediate certs rather than issuing directly off the root, and use a different one for each RA.

Ongoing Discussion

Unfortunately, the practice of issuing certs directly from the root eliminated some possible steps we could have taken to mitigate the problem. We are concerned about the amount of trust Comodo seems to have placed in RAs whose network security they did not oversee.

Comodo appropriately revoked the certificates immediately and notified the major browser vendors so that more proactive actions could be taken. We are still working with Comodo to find more information on how the breach occurred and what measures they plan to put in place to prevent future recurrences.

This issue raises many questions about the systems surrounding authentication and security on the web. We intend to have a vigorous discussion about what technical and policy changes we can make to significantly improve the situation. You can join the discussion in the mozilla.dev.security.policy forum.

Category: Firefox, Security | | 30 Comments »

Firefox Blocking Fraudulent Certificates

03.22.11 - 08:28pm

Issue

Mozilla has been informed about the issuance of several fraudulent SSL certificates for public websites. The certificates have been revoked by their issuer which should protect most users. This is not a Firefox-specific issue. As part of our ongoing commitment to providing a secure Web experience for users, we have updated Firefox 4.0, 3.6, and 3.5 to recognize these certificates and block them automatically.

Impact to users

Users on a compromised network could be directed to sites using the fraudulent certificates and mistake them for the legitimate sites. This could deceive them into revealing personal information such as usernames and passwords. It may also deceive users into downloading malware if they believe it’s coming from a trusted site.

Status

Current versions of Firefox are protected from this attack. We are still evaluating the possibility of further response to this issue. We encourage all users to keep their software up to date by regularly applying security updates.

Credit

This issue was reported to us by the Comodo Group, Inc., the certificate authority responsible for issuing the fraudulent certificates.

Category: Firefox, Security | | 27 Comments »

Creating a Safer Web with Content Security Policy

03.22.11 - 06:00am

One of the new features in Firefox 4 that we are very excited about is Content Security Policy, which is a mechanism that works behind the scenes to prevent some of the more severe web-based attacks against users and websites.

Firefox users don’t have to do anything in order to gain this protection. Simply install Firefox 4 and you will instantly receive all of the benefits that Content Security Policy has to offer. Easy!

If you are a web developer who wants to learn how to deploy this feature on your site, head over to the Mozilla Developer Center and see how easy it is to write a policy.

We expect Content Security Policy to be widely adopted very quickly. There are popular commercial websites like Twitter who are already using it, and there are CSP plugins for many of the popular content management systems like WordPress, Django and Drupal. If this works out according to plan, the curtain will soon be coming down on a broad range of nasty web bugs!

Brandon Sterne
Man-in-the-Middle

Category: Firefox, Security | | 6 Comments »