← Start Commercial (StartCom) Ltd. cases
Bugzilla #471702 Certificate Misissuance

StartCom's key for bogus www.mozilla.com certificate should be destroyed

RESOLVED Start Commercial (StartCom) Ltd.
AI Summary

This case addresses the fraudulent issuance of a certificate for www.mozilla.com by StartCom, which was obtained under questionable circumstances. The certificate's existence raised significant security concerns, prompting calls for the destruction of the associated private key. The case was ultimately resolved with the conclusion that the request for destruction was invalid, as it was beyond the authority of the bug system to enforce such a request.

Model: gpt-4o-mini Generated: 2026-06-13 12:10 UTC Confidence: 0.90
Chronology
  1. Initial report of fraudulent certificate issuance
  2. Case marked as resolved
Participants
Sam Johnston Frank Hecker Eddy Nigg
External References
Original Bugzilla Case blog.startcom.org groups.google.com
Related Bugzilla IDs Mentioned
#470897
Similar Local Cases
#1283498 RESOLVED Certificate Misissuance Opened 2016-06-30 · Closed 2022-11-14 · 58% similar
StartCom StartEncrypt vulnerability allowed issuance of fraudulent google.com, dropbox.com, etc certificates
AI Summary CA Owner
#1409760 RESOLVED Certificate Misissuance Opened 2017-10-18 · Closed 2022-11-14 · 48% similar
StartCom: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record
AI Summary CA Owner
#1369359 RESOLVED Certificate Misissuance Opened 2017-06-01 · Closed 2023-02-22 · 48% similar
StartCom: mis-issuance of certs with unvalidated domain names and bogus field values
AI Summary CA Owner
#1369342 RESOLVED Certificate Misissuance Opened 2017-06-01 · Closed 2023-02-22 · 48% similar
StartCom: 'un-revoking' intermediate certificates
AI Summary CA Owner
#1408647 RESOLVED Certificate Misissuance Opened 2017-10-14 · Closed 2022-11-14 · 39% similar
Logius: Staat der Nederlanden CA trust issue (WiV)
AI Summary CA Owner
#1414039 RESOLVED Certificate Misissuance Opened 2017-11-02 · Closed 2024-05-09 · 39% similar
Let's Encrypt: Attacker-controlled google.tg certificate being used in the wild.
AI Summary CA Owner
#2032479 RESOLVED Certificate Misissuance Opened 2026-04-16 · Closed 2026-05-13 · 38% similar
Certisign: Misissuance detected by PKIMetal
AI Summary CA Owner
#1519572 RESOLVED Certificate Misissuance Opened 2019-01-11 · Closed 2023-02-22 · 38% similar
DigiCert: Underscores - Intuit
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action