On 18/07/07, Scott Grayban <[EMAIL PROTECTED]> wrote: > On 18/07/07, Michael Vincent van Rantwijk, MultiZilla > <[EMAIL PROTECTED]> wrote: > > XPI installations initiated from mozdev.org will still be vulnerable to > > MITM attacks... when the XPI isn't *installed* originally from a SSL > > protected server! > > > > a.m.o is secure, so in that case you can get away with simply signing > > your updates, but each new installation will still be vulnerable to MITM > > attacks, and this will be the next step in this process... to prevent > > you from installing XPI's from insecure http: connections. > > > > Why is this so hard to understand? > > > > -- > > Michael Vincent van Rantwijk > > The repercussion of using java script to update the addons. > > Firefox has been well known to be the best sure web browser out there > but this flaw takes FF right back to the IE stone age.
Opps typo..... should read "secure web browser". _______________________________________________ Project_owners mailing list Project_owners@mozdev.org http://mozdev.org/mailman/listinfo/project_owners
