[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Javascript security question

On 08/21/2009 09:48 AM, Flamsmark wrote:
> Unfortunately, there is currently a vulnerability with HTTPS, which may make
> even 'secure' javascript vulnerable.

If you're thinking of the null issue released by moxie, then the issue
isn't with ssl, it's with the libraries that many programs call for
their ssl routines.  If you're running Firefox 3.0.13, then this one
issue is fixed.

The CA/ssl infrastructure has plenty of its own issues in how its
implemented today.  Let's not confuse the two.

Andrew Lewman
The Tor Project
pgp 0x31B0974B

Website: https://torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject