Didn't notice my follow-up didn't include m.d.t.crypto, and this warning is perhaps important enough to warrant a repost for this audience since the thread did continue on here despite Jean-Marc's followup-to header.
Jean-Marc Desperrier wrote: > Until a better solution is deployed, here is the work around to make > Moxie Marlinspike's attack ineffective. Note that the "better fix" will be a default change for this very pref, and any user-modified value will continue to take precedence. Please remember to undo this change (delete the user pref) when we ship a fix or you will not get the updates. A bug covering Marlinspike's PoC (and others) is https://bugzilla.mozilla.org/show_bug.cgi?id=479336 Another spoof (that may or may not work depending on your font) is described at https://bugzilla.mozilla.org/show_bug.cgi?id=479413 -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
