Comments: Firefox first blood - bug allows any domain to be "owned"

Uh-oh, Internet Explorer is affected by the same bug, and it was actively exploited. Just look for spam mail advertizing ro1ex.com and va1ium.com.

In other words, this is not a browser bug. You just can't infer the authenticity of a web site based on its name (or its SSL certificate).

Posted by Florian Weimer at February 7, 2005 12:25 PM

Hey Ian,
This is one of a whole class of bugs to be found in the firefox code base...


go to www.spoofstick.com for a firefox extension that performs independent verification of the website being currently viewed.


suprised the schmoo.com kids didnt pick up on this one...


BTW no bucks no buck rogers(to quote RAH)

M and I WONT make dominica at the end of the month.. will you??

you know the address already to return mail

warm regards,
gwen hastings

Posted by gwen hastings at February 8, 2005 09:35 PM
Post a comment









Remember personal info?






Hit Preview to see your comment. 
MT::App::Comments=HASH(0x5630b4616368) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/Object.pm line 125.