Full Disclosure mailing list archives
Re: Mozilla Firefox Certificate Spoofing
From: Aviv Raff <avivra () gmail com>
Date: Mon, 2 Aug 2004 09:43:51 +0300
evilninja wrote:
i was not able to reproduce it in "Gecko/20040719 Firefox/0.9.1" either. all i get is the real https:// site and this in the JS log: Error: unterminated string literal Source File: Line: 1, Column: 17 Source Code: document.writeln('<body onload=document.close();break;>
The original PoC contains an invalid JS code in the onunload event. I've created a copy of the PoC without the problematic apostrophe that causes the JS code to be invalid. Here: http://avivra.europe.webmatrixhosting.net/moz/certspoof1.html -- Aviv Raff _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Re: Mozilla Firefox Certificate Spoofing evilninja (Aug 01)
- <Possible follow-ups>
- Re: Re: Mozilla Firefox Certificate Spoofing Alain Crespo (Aug 01)
- Re: Mozilla Firefox Certificate Spoofing Aviv Raff (Aug 02)