Ian G wrote:
On my Konqueror (3.3.2/FreeBSD), there is no bolding, however the 'a' is slightly smaller and looks like a different font. That's only on close eyeball examination though, you'd only pick it up if looking hard. Also, the 'a' didn't survive a cut&paste, and I ended up with pypal.com via that route.
I only have firefox/moz installed, so couldn't check it for myself...
Exactly the same effect on my Firefox (1.0) BUT it did not pick up on the dodgy certificate. Konqueror went through the whole 'this is not a valid cert' popups rigmarole which I blandly clicked through ... but Firefox did not!
Technically speaking it seems firefox validated punycode just perfectly, it's both a valid domain and certificate (as far as I can tell)...
That's a bug. I do not trust USERTRUST for any purpose, and I've never even heard of them, so there is no way that I can trust them!
Well they must have passed webtrust CA certification or they wouldn't be in the mozilla list :)
A second bug is that it took me a while to find the cert information. Clicks on the padlocks did nothing, I guess this is a FreeBSD bug? Anyway, I found it under Tools/PageInfo, which I'd describe as "obscure" and our average users will probably find it tough. Hopefully the padlock click failure would work for them though.
Clicking on the lock worked ok in 0.9.3 on ubuntu...
--
Best regards, Duane
http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://happysnapper.com.au - Sell your photos over the net! http://e164.org - Using Enum.164 to interconnect asterisk servers
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
