On 01/03/2009 09:03 PM, Nelson B Bolyard:
I hate to say it, but it's possible for the browser user to change those values without either (a) modifying the browser or (b) using some proxy tool.
I don't know another way, but I'm glad to learn how.
So let me ask: Did Mike Zusman confirm that he was using such a tool?
Yes
But that server input verification flaw is fixed now, right?
Correct, as also stated in the event report. -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
