← Start Commercial (StartCom) Ltd. cases
Bugzilla #471702 · Certificate Misissuance

StartCom's key for bogus www.mozilla.com certificate should be destroyed

Start Commercial (StartCom) Ltd. · RESOLVED
AI Summary

This case addresses the fraudulent issuance of a certificate for www.mozilla.com by StartCom, which was obtained under questionable circumstances. The certificate's existence raised significant security concerns, prompting calls for the destruction of the associated private key. The case was ultimately resolved with the conclusion that the request for destruction was invalid, as it was beyond the authority of the bug system to enforce such a request.

Model: gpt-4o-mini Generated: 2026-06-13 12:10 UTC Confidence: 0.90
Chronology
  1. Initial report of fraudulent certificate issuance
  2. Case marked as resolved
Participants
Sam Johnston Frank Hecker Eddy Nigg
External References
Original Bugzilla Case blog.startcom.org groups.google.com
Related Bugzilla IDs Mentioned
#470897
Similar Local Cases
#1283498 RESOLVED Certificate Misissuance Opened 2016-06-30 · Closed 2022-11-14 · 58% similar
StartCom StartEncrypt vulnerability allowed issuance of fraudulent google.com, dropbox.com, etc certificates
AI Summary CA Owner
#1414039 RESOLVED Certificate Misissuance Opened 2017-11-02 · Closed 2024-05-09 · 39% similar
Let's Encrypt: Attacker-controlled google.tg certificate being used in the wild.
AI Summary CA Owner
#1519572 RESOLVED Certificate Misissuance Opened 2019-01-11 · Closed 2023-02-22 · 38% similar
DigiCert: Underscores - Intuit
AI Summary CA Owner
#1438216 RESOLVED Certificate Misissuance Opened 2018-02-14 · Closed 2022-11-14 · 38% similar
DigiCert: Incorrectly issued EV Certificate
AI Summary CA Owner
#1409735 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2024-05-09 · 38% similar
DigiCert: RapidSSL CAA Mis-Issuance: Lookup failure on DNSSEC-signed zone
AI Summary CA Owner
#1397968 RESOLVED Certificate Misissuance Opened 2017-09-08 · Closed 2023-02-22 · 38% similar
DigiCert / Verizon: Reserved/Intranet domain name
AI Summary CA Owner
#1397963 RESOLVED Certificate Misissuance Opened 2017-09-07 · Closed 2023-02-22 · 38% similar
DigiCert / Wells Fargo: Invalid DNS names
AI Summary CA Owner
#1353827 RESOLVED Certificate Misissuance Opened 2017-04-05 · Closed 2023-02-22 · 38% similar
DigiCert: DigiCert issued cert with CN too long
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action