HTTPS subresource validation fail #315

damascene opened this Issue Feb 12, 2016 · 1 comment


None yet

3 participants


Liferea will silently load content, including scripts, from servers with invalid certificates. This allows a MitM attacker to inject code into most web pages.

Further explanation and test case:
You can directly do some tests using this rss feed from s-check

@lwindolf lwindolf added the bug label Feb 23, 2016
Leiaz commented Oct 21, 2016

WebKit 2 pass that test, so this is fixed in 1.12.

@Leiaz Leiaz closed this Oct 21, 2016
@lwindolf lwindolf added this to the 1.12-RC1 milestone Oct 21, 2016
@lwindolf lwindolf self-assigned this Oct 21, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment