Full Disclosure mailing list archives
Re: Re: Mozilla Firefox Certificate Spoofing
From: Aviv Raff <avivra () gmail com>
Date: Sat, 31 Jul 2004 17:59:50 +0200
Has anyone tried the proof of concept with a real ssl cert and get it working?
Yep. Try here: http://avivra.europe.webmatrixhosting.net/moz/certspoof1.html
I just tried it using two different ssl urls and the page only redirected me to the proper site. I did not see the output generated by document.writeln even after viewing the source.
It works just fine with paypal.
Can anyone confirm this?
Confirmed. Using FireFox 0.9.2 on XP and Win2k3.
I haven't seen any mention of it on bugzilla either.
It's probably checked as a security issue, therefore it's not public. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Mozilla Firefox Certificate Spoofing E.Kellinis (Jul 25)
- Checkpoint ASN.1 Matt Foster (Jul 29)
- Re: Checkpoint ASN.1 Matt Kaar (Jul 29)
- Re: Mozilla Firefox Certificate Spoofing Stephen Samuel (Jul 31)
- Re: Re: Mozilla Firefox Certificate Spoofing Juan Carlos Navea (Jul 31)
- Re: Re: Mozilla Firefox Certificate Spoofing Will Beers (Jul 31)
- Re: Re: Mozilla Firefox Certificate Spoofing Peter Besenbruch (Jul 31)
- Re: Re: Mozilla Firefox Certificate Spoofing Juan Carlos Navea (Jul 31)
- <Possible follow-ups>
- Re: Re: Mozilla Firefox Certificate Spoofing Aviv Raff (Jul 31)
- Checkpoint ASN.1 Matt Foster (Jul 29)