Bitcoin Forum
Author Topic: .  (Read 1097 times)
nogf
December 28, 2014, 12:48:45 AM
 #1

.
Maged
December 28, 2014, 04:05:35 AM
 #2

... can inject JavaScript into the wallet

...

This "resolution" ignores that the bug can be used to cause a persistent compromise.
On the contrary, because of the Content Security Policy, you cannot inject JavaScript on most browsers, greatly reducing the attack surface. Unfortunately, you can inject styling and HTML, which if you've ever seen Reddit or one of those CSS demonstration sites you would know that it can still change enough of the page to convince the user to do something bad. But again, that wouldn't be automatic. Still an issue, but not as bad as you make it out to be. They should really disable inline styling after they fix this.
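
The distinction drawn in the reply above (inline script blocked, inline styling still permitted) can be checked mechanically from a Content-Security-Policy header. This is an added example, not part of the thread or the wallet's code; both sample policies are constructed, and the function names are hypothetical.

```javascript
// Added example: which inline injection sinks does a CSP header leave open?
// Only script-src / style-src and their default-src fallback are examined.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // Per the CSP spec, a repeated directive is ignored; the first one wins.
    if (name && !policy.has(name.toLowerCase())) {
      // Lowercasing is fine here: sources are only tested for presence, never matched.
      policy.set(name.toLowerCase(), sources.map((s) => s.toLowerCase()));
    }
  }
  return policy;
}

// True when arbitrary injected inline content of this kind would be accepted.
function allowsInline(policy, directive) {
  const sources = policy.get(directive) ?? policy.get('default-src');
  if (sources === undefined) return true; // no governing directive: nothing is restricted
  // A nonce or hash source makes browsers ignore 'unsafe-inline' (CSP Level 2+).
  const hasNonceOrHash = sources.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  return sources.includes("'unsafe-inline'") && !hasNonceOrHash;
}

function auditCsp(header) {
  const policy = parseCsp(header);
  return {
    inlineScript: allowsInline(policy, 'script-src'),
    inlineStyle: allowsInline(policy, 'style-src'),
  };
}

// Constructed sample: scripts locked down, inline styling still allowed.
const SAMPLE_WEAK = "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'";
// Constructed sample: the same policy with inline styling disabled.
const SAMPLE_HARDENED = "default-src 'self'; script-src 'self'; style-src 'self'";

console.log('weak:    ', auditCsp(SAMPLE_WEAK));
console.log('hardened:', auditCsp(SAMPLE_HARDENED));
```

A policy that reports `inlineStyle: true` still accepts injected `<style>` blocks and `style` attributes even though injected script is refused.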
