BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Certificate spoofing issue with Mozilla, Konqueror, Safari 2 Nov 18 2007 07:43PM
Nils Toedtmann (securityfocus nils toedtmann net)
Moin *

Mozilla based browsers (Firefox, Netscape, ...), Konqueror and Safari 2
do not bind a user-approved webserver certificate to the originating
domain name. This makes the user vulnerable to certificate spoofing by
"subjectAltName:dNSName" extensions.

I set up a demonstration at <http://test....

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus