Re: Iceweasel updates

To: debian-user@lists.debian.org
Subject: Re: Iceweasel updates
From: Vincent Lefevre <vincent@vinc17.net>
Date: Mon, 2 Nov 2015 14:58:24 +0100
Message-id: <[🔎] 20151102135824.GE19485@zira.vinc17.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 02112015134104.9a0ad95d97d4@desktop.copernicus.demon.co.uk>
References: <[🔎] 1446466786.28233.3.camel@gmail.com> <[🔎] 20151102123543.1ca88f30@abydos.stargate.org.uk> <[🔎] 20151102124813.GA19485@zira.vinc17.org> <[🔎] 02112015125815.146458a33a44@desktop.copernicus.demon.co.uk> <[🔎] 20151102131739.GC19485@zira.vinc17.org> <[🔎] 02112015134104.9a0ad95d97d4@desktop.copernicus.demon.co.uk>

On 2015-11-02 13:47:41 +0000, Brian wrote:
> On Mon 02 Nov 2015 at 14:17:39 +0100, Vincent Lefevre wrote:
> > The user's browser cannot compromise the site itself. But a security
> > bug may permit an attacker to get the user's login and password, and
> > neither the bank nor the user would like this.
> 
> Would this obtaining of the password be before or after encryption
> takes place?

With an XSS[*] vulnerability, before.

[*] https://en.wikipedia.org/wiki/Cross-site_scripting

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to:

Follow-Ups:
- Re: Iceweasel updates
  - From: Brian <ad44@cityscape.co.uk>

References:
- Iceweasel updates
  - From: Jack Dangler <tdldev@gmail.com>
- Re: Iceweasel updates
  - From: Brad Rogers <brad@fineby.me.uk>
- Re: Iceweasel updates
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: Iceweasel updates
  - From: Brian <ad44@cityscape.co.uk>
- Re: Iceweasel updates
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: Iceweasel updates
  - From: Brian <ad44@cityscape.co.uk>

Prev by Date: Re: Iceweasel updates
Next by Date: Re: Iceweasel updates
Previous by thread: Re: Iceweasel updates
Next by thread: Re: Iceweasel updates
Index(es):
- Date
- Thread