Bugzilla #1283498 Certificate Misissuance

StartCom StartEncrypt vulnerability allowed issuance of fraudulent google.com, dropbox.com, etc certificates

RESOLVED Start Commercial (StartCom) Ltd.
AI Summary

A vulnerability in StartCom's StartEncrypt service allowed the fraudulent issuance of certificates for major domains, including google.com and dropbox.com. This incident raised significant concerns about the security practices of StartCom. Following the discovery, StartCom took steps to close the service and announced the fix on their website. Mozilla has since taken action against StartCom in light of this issue.

Model: gpt-4o-mini Generated: 2026-06-13 14:04 UTC Confidence: 0.95
Chronology
  1. Vulnerability reported allowing fraudulent certificate issuance.
  2. StartCom closed the StartEncrypt service.
  3. Mozilla took action against StartCom.
Participants
Dan Callahan, Kathleen Wilson, Eddy Nigg, Gervase Markham
Similar Local Cases
#1386891 RESOLVED Certificate Misissuance Opened 2017-08-02 · Closed 2023-02-22 · 67% similar
Certinomis: Cross-signing of StartCom intermediate certs, and delay in reporting it in CCADB
#1414039 RESOLVED Certificate Misissuance Opened 2017-11-02 · Closed 2024-05-09 · 59% similar
Let's Encrypt: Attacker-controlled google.tg certificate being used in the wild.
#471702 RESOLVED Certificate Misissuance Opened 2008-12-31 · Closed 2022-11-14 · 58% similar
StartCom's key for bogus www.mozilla.com certificate should be destroyed
#1369359 RESOLVED Certificate Misissuance Opened 2017-06-01 · Closed 2023-02-22 · 57% similar
StartCom: mis-issuance of certs with unvalidated domain names and bogus field values
#1293366 RESOLVED Certificate Misissuance Opened 2016-08-08 · Closed 2022-11-14 · 57% similar
WoSign issued SHA-1 SSL certs and backdated the issuance date on SSL certificates
#1319609 RESOLVED Certificate Misissuance Opened 2016-11-23 · Closed 2023-02-22 · 57% similar
Let's Encrypt: certs issued contrary to CPS due to incomplete blocklist
#1315016 RESOLVED Certificate Misissuance Opened 2016-11-03 · Closed 2022-11-14 · 56% similar
SHA-1 issuance by Visa root
#1405815 RESOLVED Certificate Misissuance Opened 2017-10-04 · Closed 2023-02-22 · 55% similar
Camerfirma: Certs issued with same issuer and serial number
