> On unsecured networks, attackers could stealthily
> create malicious Application Caches in the browser of victims for even HTTPS
> sites. It has always been possible to poison the browser cache and
> compromise the victim's account for HTTP based sites.
> With HTML5 Application Cache, it is possible to poison the cache of even
> HTTPS sites.
> ==
>
> Is it agreed that if the above is true -- meaning, separation doesn't
> actually exist -- then there's a bug?

My understanding is that this refers to the ability to poison http://www.mybank.com - which may be the default destination for a good percentage of users - even if the only function of this page is to redirect directly to https://www.mybank.com. There should be no ability to use cache manifests delivered over http to inject content into the https origin, or at least I hope so.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
