Native widget Firefox for Android is really focused on phones, not tablets. That said, please file bugs for the tablet issues you see.

I bring this up because in Firefox v6, it does show the SSL certificate, but no method is provided to confirm or validate the non-EV certificate.

In addition, I loaded a SSL website that uses a known Fraudulent SSL Certificate Authority for GTE, same used for Microsoft, in IE9, as a test to see if IE9 would detect the invalid signature… IE9 FAILED, but Firefox v6 PASSED the test.

The non-EV certificates can be spoofed, Java injection, MITM and worse NOT even Firefox warns the browser end user about SSL certificate mixing, iframe or popup SSL Phishing attacks.

It’s open season upon the Internet for MITM SSL attacks, especially with DNS redirection. Let’s not forget MD5 collisions is another method of attack, which Google ought to insure all SSL certificates are using SHA512…

Why isn’t Firefox providing a global certificate repository, so nobody needs to depends upon the Microsoft pre-install, pre-loaded certifciate root authority in Windows?

Why trust Microsoft who cannot insure Certificate Authorities around the world (thousands of them) who PAID Microsoft to ADD them into Windows?

Already 50% of the certificate authorities used in Windows 7 SP1 are UNTRUSTED.

And that’s the discovered bad ones found, what about the unknown and unreported illegitimate certificates floating around?

Everyone needs a honest system here, not a proprietary Microsoft knows best for NOT being a security company.

Please do the good thing Google, Firefox and the open source community. Kick out Microsoft, end the security breaches, design a global repository letting everyone update and check instantly who is legitimate.

A second benefit here would be to allow everyone to participate, no more PAYING Microsoft to distribute their own root certificates only.

You get the idea…. lets see some results, okay?

I’ll have to rethink my whole stance on the issue now. Have no idea what to think of it…