Irony: insecure?

I was trying to download some root certificates from thawte, and Firefox gave me this error:

XSS attempt from

Thawte is the second biggest public certificate authority in the world. Their entire raison d’être is internet security. I see there being three posibilities here:

  1. they really do have an XSS vulnerability on their site
  2. their site is badly written so as to confuse NoScript
  3. there’s a bug in NoScript that causes a false positive on the Thawte web site

Any of the three is the height of irony.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s