Firefox certificate cache leaks user information
Mozilla devs debate whether this is a bug or a feature
Firefox's intermediate certificate cache can be tricked into leaking to a deliberately mis-configured server, creating yet-another chance to fingerprint users (including those who think they're protected by Private Browsing).
The data leak identified by security researcher Alexander Klink could also let a malicious attacker identify browsers operating in a sandbox (for malware analysis) or not.
When starting a TLS session (for HTTPS), a correctly-configured server, he explains, sends a visiting browser both the intermediate CA (which Firefox caches) and its server CA, while a misconfigured server will only send the server CA. In the latter case, the site will only load if the user already has the intermediate cached.
That's the genesis of Klink's realisation that if a user's browser behaves differently depending on server config, there might be some way to use that behaviour to infer which intermediate certificates are in their cache – and use that knowledge to create a user fingerprint.
Filed as bug #1334485 by Klink, the bug would let a third party Website send a request, and Firefox will leak the intermediate CAs from its cache. Having run a proof-of-concept, Klink says it even catches CAs from browsers operating in Private Browsing mode, because that mode doesn't isolate the cache.
Since certificate information is necessarily public, it needed only some time combing Root CA Extract data to build a list of certificate chains, and Project Sonar data to identify misconfigured sites.
As well as fingerprinting users, Klink says, there's a certain amount of mostly geographical data leakage about users' browsing habits.
The issue has raised a lively discussion at the Mozilla list about the severity of the problem and whether it's fixable. Gervase Markham notes that a useful attack would be non-trivial, while noting however that the authors of the Tor browser might consider disabling caching in their software. ®