4 matches found
Mozilla: Click-jacking certificate exceptions through rendering lag
The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...
Mozilla: Click-jacking certificate exceptions through rendering lag
The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...
Mozilla: Key pinning is ignored when overridable errors are encountered (MFSA 2015-67)
It was found that Firefox skipped key-pinning checks when handling an error that could be overridden by the user for example an expired certificate error. This flaw allowed a user to override a pinned certificate, which is an action the user should not be able to perform...
Key pinning is ignored when overridable errors are encountered — Mozilla
Mozilla security engineer David Keeler reported that when an overridable error is encountered, such as those for expired certificates or a host name does not match a certificate, pinning checks can be be skipped. This would allow for a user to override a pinned certificate when they should not be...