Full Disclosure mailing list archives

Re: Re: Mozilla Firefox Certificate Spoofing

From: Peter Besenbruch <prb () lava net>
Date: Sat, 31 Jul 2004 07:59:44 -1000

Stephen Samuel wrote:

> Has this been posted to bugilla????
>
>
> E.Kellinis wrote:
>
>> #########################################
>> Application:    Mozilla Firefox
>> Vendors:        http://www.mozilla.com
>> Version:         0.9.1 / 0.9.2
>> Platforms:       Windows
>> Bug:               Certificate Spoofing (Phishing)
>> Risk:              High
>> Exploitation:   Remote with browser
>> Date:             25 July 2004
>> Author:          Emmanouel Kellinis
>> e-mail:           me@cipher(dot)org(dot)uk
>> web:              http://www.cipher.org.uk
>> List :              BugTraq(SecurityFocus)/ Full-Disclosure
>> #########################################

This was fixed by the July 27 builds in both Firefox 0.9.2( or 1) andMozilla 1.7. The Mozilla 1.4 branch was also updated.


Bugzilla report:
http://bugzilla.mozilla.org/show_bug.cgi?id=253121

________________________________________________________________

Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Mozilla Firefox Certificate Spoofing E.Kellinis (Jul 25)
- Checkpoint ASN.1 Matt Foster (Jul 29)
  - Re: Checkpoint ASN.1 Matt Kaar (Jul 29)
- Re: Mozilla Firefox Certificate Spoofing Stephen Samuel (Jul 31)
  - Re: Re: Mozilla Firefox Certificate Spoofing Juan Carlos Navea (Jul 31)
    - Re: Re: Mozilla Firefox Certificate Spoofing Will Beers (Jul 31)
  - Re: Re: Mozilla Firefox Certificate Spoofing Peter Besenbruch (Jul 31)
- <Possible follow-ups>
- Re: Re: Mozilla Firefox Certificate Spoofing Aviv Raff (Jul 31)