Factors Mitigating Browser issues
Server certificate validation vulnerability:
• The vulnerability only affects how certificates from web servers are validated. It does not affect how code-signing certificates or any other type of certificate are validated.
• The specific checks that might be bypassed vary with both the user and the actions he may have taken during the current browsing session. An attacker could not predict with any degree of certainty which checks might be bypassed in a particular case.
• The vulnerability does not provide any way to force users to the attacker's web site. It is likely that this vulnerability could only be exploited in conjunction with a successful DNS poisoning or similar attack.

