* Kyle Hamilton: > This is a valid PayPal URL that issues a redirect to an external site, > which just happens (at this moment) to spoof the PayPal layout. > > Is there any provision anywhere for a "you are leaving an EV site to > go to a non-EV SSL site or an unencrypted site" kind of warning?
The next step is an to exploit a cross-site scripting vulnerability on an EV site. Should Firefox display a warning if an EV site uses Javascript (or contains an IFRAME)? There is little you can do on the browser side if the site operator fails to do a proper job. 8-( _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
