## DigiCert Code Signing Certificates Misissued, Mozilla Bug Tracker Reveals Security Lapse DigiCert, a major certificate authority, has misissued code signing certificates, according to a bug report filed with Mozilla's security tracking system. The disclosure, logged as Bugzilla issue 2033170, raises immediate questions about validation controls at one of the industry's most prominent PKI providers and could prompt scrutiny from browser vendors and enterprise security teams alike. Code signing certificates play a critical role in software supply chain security, allowing developers to cryptographically sign executables and scripts that operating systems and security tools recognize as trustworthy. When a certificate authority misissues these credentials—whether through process failure, domain validation breakdown, or other control gaps—the downstream risk includes potential abuse by malicious actors seeking to sign malware or unauthorized code under legitimate organizational identities. The Mozilla bug report signals that the misissuance was significant enough to warrant formal tracking through channels typically reserved for incidents affecting browser trust roots and certificate authority compliance. The incident places DigiCert under renewed pressure as certificate authorities face increasing regulatory and technical oversight following years of high-profile PKI failures across the industry. While the full scope of affected certificates and root cause remain detailed in the Bugzilla entry, the disclosure alone is likely to trigger internal reviews among organizations relying on DigiCert-issued code signing credentials and may invite questions from other root programs beyond Mozilla. For security teams managing software integrity, the report underscores the importance of monitoring certificate transparency logs and maintaining internal inventories of trusted signing identities. --- - **Source**: r/netsec - **Sector**: The Lab - **Tags**: code signing, certificate authority, PKI, Mozilla, misissuance - **Credibility**: unverified - **Published**: 2026-05-09 04:31:39 - **ID**: 80978 - **URL**: https://whisperx.ai/en/intel/80978