Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: Mozilla Firefox Certificate Spoofing
From: Aviv Raff <avivra () gmail com>
Date: Sat, 31 Jul 2004 17:59:50 +0200

Has anyone tried the proof of concept with a real ssl cert and get it working? 

Try here: http://avivra.europe.webmatrixhosting.net/moz/certspoof1.html

I just tried it using two different ssl urls and the page only redirected me to the 
proper site. I did not see the output generated by document.writeln even after 
viewing the source.

It works just fine with paypal.

Can anyone confirm this? 

Confirmed. Using FireFox 0.9.2 on XP and Win2k3.

I haven't seen any mention of it on bugzilla either.

It's probably checked as a security issue, therefore it's not public.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]