Irony: thawte.com insecure?


I was trying to download some root certificates from Thawte, and Firefox gave me this error:

XSS attempt from thawte.com

Thawte is the second biggest public certificate authority in the world. Their entire raison d’être is internet security. I see there being three possibilities here:

  1. they really do have an XSS vulnerability on their site
  2. their site is badly written so as to confuse NoScript
  3. there’s a bug in NoScript that causes a false positive on the Thawte web site

Any of the three is the height of irony.
