[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Iceweasel updates

On 2015-11-02 13:47:41 +0000, Brian wrote:
> On Mon 02 Nov 2015 at 14:17:39 +0100, Vincent Lefevre wrote:
> > The user's browser cannot compromise the site itself. But a security
> > bug may permit an attacker to get the user's login and password, and
> > neither the bank nor the user would like this.
> Would this obtaining of the password be before or after encryption
> takes place?

With an XSS[*] vulnerability, before.

[*] https://en.wikipedia.org/wiki/Cross-site_scripting

Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to: