-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Juha-Matti Laurio wrote: | The most recent Firefox 2.0.0.12 version is RC4 still: | http://www.mozilla.com/en-US/firefox/2.0.0.12/releasenotes/ | | You can't download Firefox 2.0.12 Final yet.
So if that's the case, did the author of this thread report this to the FF team? /me doesn't see the point of sending this type of e-mail out to a list. ~ Since this is a Release Candidate - not even released. Just report it to the authors and let them fix it for the final. Thanks Juha-Matti Laurio, for the clarification. | | Juha-Matti | | carl hardwick <[EMAIL PROTECTED]> wrote: |> Firefox seems to have trouble with defining the proper hostname when |> requesting a ssl connection. I was able to trick Firefox in thinking |> the hostname behind the at-sign is legit and the same as the URI that |> requested an ssl connection, and this without a warning. |> |> PoC: https://[EMAIL PROTECTED] |> |> You can add as much garbage between .com and the @ sign. |> |> So what else can we do? |> |> PoC: |> [EMAIL PROTECTED] |> [EMAIL PROTECTED] |> |> ah heck we don't need that at all: |> [EMAIL PROTECTED] |> |> works fine also :) |> | | _______________________________________________ | Full-Disclosure - We believe in it. | Charter: http://lists.grok.org.uk/full-disclosure-charter.html | Hosted and sponsored by Secunia - http://secunia.com/ | - -- Rob +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+ | _ | | ASCII ribbon campaign ( ) | | - against HTML email X | | / \ | | | +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) iEYEARECAAYFAken4SYACgkQcfN68iZZIcfP1gCcChRWeu4nH+cbSJJ69I4AH7eI DYkAoKRkc6PE6WEqdFIN53kMYYPOhu+H =ZMTM -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
