Bitcoin Forum
December 11, 2017, 06:17:41 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: .  (Read 1096 times)
nogf
Newbie
*
Offline Offline

Activity: 10


View Profile
.
December 28, 2014, 12:48:45 AM
 #1

.
1513016261
Hero Member
*
Offline Offline

Posts: 1513016261

View Profile Personal Message (Offline)

Ignore
1513016261
Reply with quote  #2

1513016261
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513016261
Hero Member
*
Offline Offline

Posts: 1513016261

View Profile Personal Message (Offline)

Ignore
1513016261
Reply with quote  #2

1513016261
Report to moderator
Maged
Legendary
*
Offline Offline

Activity: 1260


View Profile
December 28, 2014, 04:05:35 AM
 #2

... can inject JavaScript into the wallet

...

This "resolution" ignores that the bug can be used to cause a persistent compromise.
On the contrary, because of the Content Security Policy, you cannot inject JavaScript on most browsers, greatly reducing the attack surface. Unfortunately, you can inject styling and html, which if you've ever seen Reddit or one of those CSS demonstration sites you would know that it can still change enough of the page to convince the user to do something bad. But again, that wouldn't be automatic. Still an issue, but not as bad as you make it out to be. They should really disable inline styling after they fix this.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!