On 2005-08-13 22:41:27 -0400, Eric Dorland wrote: > Umm, no. The IDN problem was a trust issue. With the IDN issue, I > could get a DNS name and certificate for something that was rendered > as paypal.com, even though it wasn't. So that could be exploited to > have you trust a site that should not be trusted. > > Please explain how these issue could be exploited to create a > vulnerability.
The IDN problem is a trust issue concerning a web site. The bug#303246 is a trust issue concerning Firefox: when the bug occurs the user thinks that Firefox has done something, i.e. putting some text in the primary selection, but in the reality, it has also silently done something else: downloading a URL, which may have private or confidential contents (in the case of an authenticated part of a web site). -- Vincent Lefèvre <[EMAIL PROTECTED]> - Web: <http://www.vinc17.org/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/> Work: CR INRIA - computer arithmetic / SPACES project at LORIA -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
