|Main Archive Page > Month Archives > full-disclosure-uk archives|
-----BEGIN PGP SIGNED MESSAGE-----
Juha-Matti Laurio wrote:
| The most recent Firefox 184.108.40.206 version is RC4 still:
| You can't download Firefox 2.0.12 Final yet.
So if that's the case, did the author of this thread report this to the FF team?
/me doesn't see the point of sending this type of e-mail out to a list. ~ Since this is a Release Candidate - not even released. Just report it to the authors and let them fix it for the final.
Thanks Juha-Matti Laurio, for the clarification.
| carl hardwick <firstname.lastname@example.org> wrote:
|> Firefox seems to have trouble with defining the proper hostname when
|> requesting a ssl connection. I was able to trick Firefox in thinking
|> the hostname behind the at-sign is legit and the same as the URI that
|> requested an ssl connection, and this without a warning.
|> PoC: https://www.gmail.com%C0%AF%C0%AF%C0%C0email@example.com
|> You can add as much garbage between .com and the @ sign.
|> So what else can we do?
|> ah heck we don't need that at all:
|> works fine also :)
| Full-Disclosure - We believe in it.
| Charter: http://lists.grok.org.uk/full-disclosure-charter.html
| Hosted and sponsored by Secunia - http://secunia.com/
| _ |
| ASCII ribbon campaign ( ) |
| - against HTML email X |
| / \ |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
-----END PGP SIGNATURE-----