[tor-talk] Tor security advisory: Old Tor Browser Bundles vulnerable

[Lars Noodén]

On 08/05/2013 06:13 PM, Roger Dingledine wrote:
>   And finally, be aware that many other vectors remain for vulnerabilities
>   in Firefox. JavaScript is one big vector for attack, but many other
>   big vectors exist, like css, svg, xml, the renderer, etc.

If I understand it is possible to embed scripts inside SVG and the
decision currently is either to display SVG with any scripts it might
have or else not display any SVG at all.  It would be great to be able
to use SVG but with the possibility of embedded scripts turned off.

Regards,
/Lars