An attacker can discover various details about Firefox users due to the manner in which the browser caches intermediate CA certificates, a researcher has discovered.
When the server doesn’t deliver the complete certificate chain, Firefox loads the website if the intermediate CA certificate is cached, security researcher Alexander Klink discovered. By determining which websites use the same intermediate, an attacker could figure out some details about the user, the researcher says.
Normally, root Certificate Authorities (CAs) don’t use the main root certificate to secure connections, but generate intermediate certificates instead. Webservers use these intermediates to generate certificates for each user, and deliver these (server certificates) to the browser along with the intermediate CA certificate when establishing a connection.
When a server is misconfigured, only the server certificate is sent, which should result in the user getting an error instead of the website. However, if the intermediate CA certificate has already been cached, the user will be able to connect. While Chrome and Internet Explorer don’t rely on the entire chain to deliver a website, Firefox does, and it uses cached intermediate CA certificates even in Private Mode, the researcher has discovered.
According to Klink, an attacker could use this knowledge to determine specific details about targeted users, based on the intermediate CA certificates cached by their browsers. However, these details would be limited to geolocation, maybe browsing habits, and whether the victim’s browser runs in a sandbox (which would lack cached certificates). The attacker could sell this information to advertising companies or could leverage it to deliver specific content to the targeted users.
“In addition to the purely »statistical« view of having a fingerprint with a sequence of n bits representing the cache status for each tested CA, the fingerprint also contains additional semantic information. Certain CAs have customers mostly in one country or region, or might have even more specific use-cases which let you infer even more information − i.e. a user who has the »Deutsche Bundestag CA« cached is most probably located in Germany and probably at least somewhat interested in politics,” the researcher explains.
Klink also notes that he contacted Mozilla on the matter in January, but that there are no details on what course of action the organization will take. The “cleanest solution” would be to avoid connecting to incorrectly configured servers, even if the intermediate CA is cached, but “Mozilla is reluctant to implement that without knowing the impact,” the researcher says.
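A small model of the behaviour described above, added here as an illustration (it is not code from Klink or Mozilla): certificates are reduced to subject/issuer pairs, all names are constructed, and `build_path`, `connect` and `outcomes` are hypothetical helpers. It shows that with cache-assisted validation the result of loading a misconfigured site depends on the profile's history, while validating only the delivered chain gives the same result for every profile.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str

def build_path(leaf, pool, roots):
    """Follow issuer links from leaf to a trusted root, using only certs in pool."""
    by_subject = {c.subject: c for c in pool}
    path, current = [leaf], leaf
    while current.issuer not in roots:
        parent = by_subject.get(current.issuer)
        if parent is None or parent in path:   # missing link or loop
            return None
        path.append(parent)
        current = parent
    return path

def connect(sent, cache, roots, use_cache):
    """Return True if the page loads. sent[0] is the server certificate.

    use_cache=True  models the behaviour the article describes for Firefox.
    use_cache=False models the "cleanest solution": validate only what the
    server actually delivered, so the result cannot depend on the cache.
    """
    leaf, delivered = sent[0], list(sent[1:])
    pool = delivered + (list(cache) if use_cache else [])
    ok = build_path(leaf, pool, roots) is not None
    if ok:
        cache.update(delivered)   # intermediates from good handshakes get cached
    return ok

def outcomes(use_cache):
    """Load the same misconfigured site from a fresh and from a used profile."""
    roots = {"Example Root"}                              # constructed names
    inter = Cert("Example Intermediate CA", "Example Root")
    good = [Cert("shop.example", inter.subject), inter]   # full chain delivered
    broken = [Cert("probe.example", inter.subject)]       # intermediate missing
    fresh, used = set(), set()
    connect(good, used, roots, use_cache)                 # earlier, unrelated visit
    return (connect(broken, fresh, roots, use_cache),
            connect(broken, used, roots, use_cache))
```

`outcomes(True)` differs between the two profiles, which is the observable bit per CA that the quote above refers to; `outcomes(False)` is identical for both.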
Users can stay protected by regularly cleaning up their profiles, by creating new ones, by cleaning up existing ones from the Firefox UI, or by using the certutil command-line tool. They can also block third-party requests with an add-on, mainly because “the attack obviously needs to make (a lot of) third-party requests,” Klink concludes.