mailing list archives
Re: Re: Mozilla Firefox Certificate Spoofing
From: Aviv Raff <avivra () gmail com>
Date: Sat, 31 Jul 2004 17:59:50 +0200
Has anyone tried the proof of concept with a real ssl cert and get it working?
Try here: http://avivra.europe.webmatrixhosting.net/moz/certspoof1.html
I just tried it using two different ssl urls and the page only redirected me to the
proper site. I did not see the output generated by document.writeln even after
viewing the source.
It works just fine with paypal.
Can anyone confirm this?
Confirmed. Using FireFox 0.9.2 on XP and Win2k3.
I haven't seen any mention of it on bugzilla either.
It's probably checked as a security issue, therefore it's not public.
Full-Disclosure - We believe in it.