Hi Florian,
* Florian Weimer <[EMAIL PROTECTED]> [2007-10-07 21:23]:
> * Nico Golde:
>
> > the following CVE (Common Vulnerabilities & Exposures) id was
> > published for iceweasel.
> >
> > CVE-2007-1762[0]:
> > | Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs
> > | before checking them against the phishing site blacklist, which allows
> > | remote attackers to bypass phishing protection via multiple / (slash)
> > | characters in the URL.
>
> I strongly doubt that this is relevant anyway. The attacker cannot
> retroactively change the URLs that have been spammed, so Google just
> needs to make sure that they blacklist the actually used form of
> the URL. (It's pretty easy to bypass the blacklist anyway. I see it
> all the time. 8-/)

Sure, but it would also be no big deal to strip the slashes.

Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
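Added example, not part of the thread and not Mozilla's code: a blacklist lookup that compares the raw URL string, next to one that canonicalizes first by collapsing repeated slashes in the path, which is the step the CVE description says was missing. The host phish.example, the list entry and all function names are constructed for illustration, and the canonicalization rules shown are an assumption rather than the fix that shipped.

```javascript
// Constructed sample entry; phish.example is a placeholder host.
const RAW_ENTRIES = ["http://phish.example/login/verify.html"];

// Canonical form used as the lookup key on both sides of the comparison.
// The URL parser lower-cases scheme and host and resolves "." / ".."
// segments; it does NOT merge empty path segments, so runs of "/" in the
// path are collapsed explicitly. The fragment is dropped because it is
// never sent to the server.
function canonicalize(rawUrl) {
  const u = new URL(rawUrl);
  const path = u.pathname.replace(/\/{2,}/g, "/");
  return `${u.protocol}//${u.host}${path}${u.search}`;
}

// List entries are canonicalized once at load time, so the entry and the
// visited URL always pass through the same function.
const BLOCKLIST = new Set(RAW_ENTRIES.map(canonicalize));

// Lookup on the string exactly as received: the behaviour the CVE
// describes, where extra slashes produce a different key and miss the list.
function isBlockedNaive(rawUrl) {
  return RAW_ENTRIES.includes(rawUrl);
}

// Lookup after canonicalization. Input that does not parse as a URL
// cannot match a list entry, so it is reported as not blocked.
function isBlockedCanonical(rawUrl) {
  let key;
  try {
    key = canonicalize(rawUrl);
  } catch {
    return false;
  }
  return BLOCKLIST.has(key);
}

// Constructed inputs: the listed URL and variants of it.
const SAMPLES = [
  "http://phish.example/login/verify.html",
  "http://phish.example//login///verify.html",
  "HTTP://PHISH.example/login//verify.html#top",
  "http://phish.example/about",
];
for (const s of SAMPLES) {
  console.log(s, "naive:", isBlockedNaive(s), "canonical:", isBlockedCanonical(s));
}
```
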

