[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Javascript security question

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Javascript security question
From: Andrew Lewman <andrew@xxxxxxxxxxxxxx>
Date: Fri, 21 Aug 2009 10:20:57 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Fri, 21 Aug 2009 10:20:58 -0400
In-reply-to: <c57501ff0908210648r2c9e5952t679dde96ba19e930@xxxxxxxxxxxxxx>
Organization: The Tor Project, Inc.
References: <236316.99637.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <20090821102617.476037d4@flaptop> <c57501ff0908210648r2c9e5952t679dde96ba19e930@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mozilla-Thunderbird 2.0.0.22 (X11/20090707)

On 08/21/2009 09:48 AM, Flamsmark wrote:
> Unfortunately, there is currently a vulnerability with HTTPS, which may make
> even 'secure' javascript vulnerable.

If you're thinking of the null issue released by moxie, then the issue
isn't with ssl, it's with the libraries that many programs call for
their ssl routines.  If you're running Firefox 3.0.13, then this one
issue is fixed.

The CA/ssl infrastructure has plenty of its own issues in how its
implemented today.  Let's not confuse the two.

-- 
Andrew Lewman
The Tor Project
pgp 0x31B0974B

Website: https://torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject

References:
- Javascript security question
  - From: Sadece Gercekler
- Re: Javascript security question
  - From: Freemor
- Re: Javascript security question
  - From: Flamsmark

Prev by Author: Re: Scott made me do it.
Next by Author: Re: Javascript security question
Previous by thread: Re: Javascript security question
Next by thread: Re: Javascript security question
Index(es):
- Author
- Thread