canmove, Confirmed users
637
edits
Firefox3.1/AboutCertError SecurityReview: Difference between revisions
Firefox3.1/AboutCertError SecurityReview (view source)
Revision as of 19:48, 28 October 2008
, 28 October 2008→Review comments
(Initial writeup) |
|||
| Line 98: | Line 98: | ||
== Review comments == | == Review comments == | ||
* in the "bad domain" case can an attacker insert random text in the technical details section? It may not get auto-linked, but could be a set of instructions to the user. It could have bidi chars, spaces or unicode things that look like spaces. | |||
* bug 433422 covers complaints about calling self-signed certs "invalid". The new text is much clearer but the "Technical Details" from PSM still uses this word. It would save us a lot of grief from tech-savvy people if we changed this terminology to match the rest of the new page. | |||