Javascript security question
Andrew Lewman
andrew at torproject.org
Fri Aug 21 14:20:57 UTC 2009
On 08/21/2009 09:48 AM, Flamsmark wrote:
> Unfortunately, there is currently a vulnerability with HTTPS, which may make
> even 'secure' javascript vulnerable.
If you're thinking of the null issue released by moxie, then the issue
isn't with ssl, it's with the libraries that many programs call for
their ssl routines. If you're running Firefox 3.0.13, then this one
issue is fixed.
The CA/ssl infrastructure has plenty of its own issues in how its
implemented today. Let's not confuse the two.
--
Andrew Lewman
The Tor Project
pgp 0x31B0974B
Website: https://torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
More information about the tor-talk
mailing list