* Vincent Lefevre ([EMAIL PROTECTED]) wrote: > On 2005-08-13 22:41:27 -0400, Eric Dorland wrote: > > Umm, no. The IDN problem was a trust issue. With the IDN issue, I > > could get a DNS name and certificate for something that was rendered > > as paypal.com, even though it wasn't. So that could be exploited to > > have you trust a site that should not be trusted. > > > > Please explain how these issue could be exploited to create a > > vulnerability. > > The IDN problem is a trust issue concerning a web site. The bug#303246 > is a trust issue concerning Firefox: when the bug occurs the user > thinks that Firefox has done something, i.e. putting some text in > the primary selection, but in the reality, it has also silently > done something else: downloading a URL, which may have private or > confidential contents (in the case of an authenticated part of a > web site).
Right, but conceivably you could of downloaded that anyway, you can't use this problem to bypass the authentication, so where's the attack? -- Eric Dorland <[EMAIL PROTECTED]> ICQ: #61138586, Jabber: [EMAIL PROTECTED] 1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6 -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+ O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+ G e h! r- y+ ------END GEEK CODE BLOCK------
signature.asc
Description: Digital signature
