John Nagle <[email protected]> writes:

>There's a real risk here. A break-in at any of those sites allows
>impersonating all of them. This creates a huge attack surface.

It's actually a lot worse than that, see "Virtual Host Confusion: Weaknesses and Exploits" by Antoine Delignat-Lavaud and Karthikeyan Bhargavan from this year's Black Hat.

Peter.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

