HTTPS logo

The way in which Firefox caches intermediate CA certificates allows a third-party to deduce various details about website visitors and also link advertising profiles to private browsing sessions.

Before we go on, it is important that non-technical users understand what is an intermediate CA certificate.

At the top of the entire HTTPS infrastructure we have root CAs (Certificate Authorities), which are companies such as Comodo, Symantec, DigiSign, and others.

For security reasons, root CAs generate intermediate certificates, instead of using the main root certificate. This way, when an intermediate CA certificate gets compromised, the root CA continues to operate and doesn't have to revoke and replace certificates for all its clients, but only a few.

When a website owner comes to the root CA wanting to support HTTPS on their site, the root CA uses one of the intermediate CA certificates to generate a per-client server certificate.

Website owners use this certificate to generate per-visitor SSL certificates they send to users' browsers.

The entire certificates chain is complex, but when a user accesses a site, the web server, if properly configured must reply with both the intermediate CA certificate and the server certificate.

Correct way to load sites via HTTPS
Correct way to load sites via HTTPS

Unfortunately, not all server administrators implement HTTPS the correct way, and in some cases, you end up with the server sending only the server certificate, and not the intermediate CA certificate. This usually generates an error in the user's browser.

Incorrect way to load sites via HTTPS
Incorrect way to load sites via HTTPS

To speed up website loading operations, Firefox caches intermediate CA certificates.

According to security researcher Alexander Klink, this allows a third-party to test which intermediate CA certificates are already available in the Firefox cache via one simple test.

Simple test can reveal geographical location, browsing habits

Behind the user's back, a third-party (like an advertiser) can load content (such as favicons) from incorrectly configured HTTPS sites.

Because many HTTPS sites share the same intermediate CA certificate, some will load correctly because the certificate will be available in the Firefox cache, even if the incorrectly configured HTTPS server does not actually send it.

If the load operation generates an error, then it means the user hasn't visited any of the sites that use that specific intermediate CA certificate.

This simple technique will allow an advertisers to know if the user has visited a certain set of websites.

"Certain CAs have customers mostly in one country or region," Klink explains. "A user who has the »Deutsche Bundestag CA« [German Parliament CA] cached is most probably located in Germany and probably at least somewhat interested in politics."

The type of information that someone can gather through this user fingerprinting technique is very limited, mostly to broad geographical location and browsing habits.

Nevertheless, this can be yet another method that advertisers can use to collect information on users, among the many they already have at their disposal, and improve the accuracy of their advertising profiles.

Test results from a demo site created by Klinke
Test results from a demo site created by Klink

Because Firefox uses the same certificates cache for public and private browsing sessions, advertisers can deanonymize private browsing sessions and link them to certain user profiles.

Test can be used by malware authors as well

Besides user privacy, the technique can also be used by malware authors.

"From an attacker’s perspective, this could also be used to check if the browser is running inside a malware analysis sandbox (which would probably have none or very few of the common intermediates cached) and delivering different content based on that information," Klink also noted.

Mozilla working on a fix

The researcher has already notified Mozilla of this fingerprinting vector, and the Foundation's engineers are in the middle of implementing telemetry systems to gather information if the intermediate certificate cache system is actually helping users or not. At the moment, it looks like it will take a while before Mozilla acts on this fingerprinting vector.

"The cleanest solution would obviously be to not connect to incorrectly configured servers, regardless of whether the intermediate is cached or not," said Klink. "Understandably, Mozilla is reluctant to implement that without knowing the impact."

The same fingerprinting vector also affects users of the Tor Browser, which is built on an older Firefox version, but the issue isn't as impactful.

"Tor Browser's current defense against cached certificate-based tracking is to set 'security.nocertdb' to true," said Firefox engineer Arthur Edelstein, meaning intermediate CA certificates aren't cached between browser sessions.

Klink has also put together a demo site to demonstrate his findings.