[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor security advisory: Old Tor Browser Bundles vulnerable



On 08/05/2013 06:13 PM, Roger Dingledine wrote:
>   And finally, be aware that many other vectors remain for vulnerabilities
>   in Firefox. JavaScript is one big vector for attack, but many other
>   big vectors exist, like css, svg, xml, the renderer, etc.

If I understand it is possible to embed scripts inside SVG and the
decision currently is either to display SVG with any scripts it might
have or else not display any SVG at all.  It would be great to be able
to use SVG but with the possibility of embedded scripts turned off.

Regards,
/Lars
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk