I was trying to download some root certificates from thawte, and Firefox gave me this error:
Thawte is the second biggest public certificate authority in the world. Their entire raison d’être is internet security. I see there being three posibilities here:
- they really do have an XSS vulnerability on their site
- their site is badly written so as to confuse NoScript
- there’s a bug in NoScript that causes a false positive on the Thawte web site
Any of the three is the height of irony.