Bitcoin Forum
Author Topic: .  (Read 1148 times)
nogf (OP)
December 28, 2014, 12:48:45 AM
Last edit: December 28, 2014, 05:39:38 AM by nogf
 #1

.
Maged
December 28, 2014, 04:05:35 AM
 #2

... can inject JavaScript into the wallet

...

This "resolution" ignores that the bug can be used to cause a persistent compromise.
On the contrary, because of the Content Security Policy, you cannot inject JavaScript on most browsers, greatly reducing the attack surface. Unfortunately, you can inject styling and HTML, which, if you've ever seen Reddit or one of those CSS demonstration sites, you would know can still change enough of the page to convince the user to do something bad. But again, that wouldn't be automatic. Still an issue, but not as bad as you make it out to be. They should really disable inline styling after they fix this.
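
Added example, not part of the original posts and not the wallet's own code: a small Node.js check that parses a Content-Security-Policy header and reports whether injected inline scripts and inline styles would be permitted, which is the distinction the reply above draws. The sample policies are constructed for illustration and the function names are hypothetical.

```javascript
// Parse a CSP header value into a Map: directive name -> list of source tokens.
// Tokens are lowercased for matching only (real nonces and hashes are case-sensitive).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first occurrence wins.
    if (!policy.has(name)) {
      policy.set(name, tokens.slice(1).map((t) => t.toLowerCase()));
    }
  }
  return policy;
}

// kind is 'script' or 'style'. Returns true when arbitrary inline content of
// that kind would run or apply. The CSP3 -elem/-attr directives are not handled.
function allowsInline(policy, kind) {
  // script-src and style-src fall back to default-src when absent.
  const sources = policy.get(`${kind}-src`) ?? policy.get('default-src');
  if (sources === undefined) return true; // no governing directive: unrestricted
  // Browsers ignore 'unsafe-inline' once a nonce or hash source is listed.
  const hasNonceOrHash = sources.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  return sources.includes("'unsafe-inline'") && !hasNonceOrHash;
}

function auditInline(header) {
  const policy = parseCsp(header);
  return {
    inlineScript: allowsInline(policy, 'script'),
    inlineStyle: allowsInline(policy, 'style'),
  };
}

// Constructed sample policies (not taken from any real site).
const SAMPLE_POLICIES = {
  scriptsOnlyLocked: "default-src 'self'; style-src 'self' 'unsafe-inline'",
  bothLocked: "default-src 'self'; style-src 'self'",
  noncePresent: "script-src 'self'; style-src 'unsafe-inline' 'nonce-r4nd0m'",
  styleUngoverned: "script-src 'self'",
};

for (const [name, header] of Object.entries(SAMPLE_POLICIES)) {
  console.log(name, auditInline(header));
}
```

The `scriptsOnlyLocked` policy is the situation the reply describes: inline script is blocked but inline styling still applies. `bothLocked` is the state after inline styling is disabled.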
