Friday, November 14, 2008

Irony: thawte.com insecure?

I was trying to download some root certificates from Thawte, and Firefox gave me this error:

XSS attempt from thawte.com

Thawte is the second biggest public certificate authority in the world. Their entire raison d'être is internet security. I see there being three possibilities here:

  1. they really do have an XSS vulnerability on their site
  2. their site is badly written so as to confuse NoScript
  3. there's a bug in NoScript that causes a false positive on the Thawte web site

Any of the three is the height of irony.
