[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Iceweasel updates

On Mon, 2 Nov 2015 22:53:03 +0000
Brian <ad44@cityscape.co.uk> wrote:

> An attacker must inject a payload into a web page that the user
> visits. When the page loads in the user’s browser the attacker’s
> payload will be executed. A user would likely have no knowledge of
> this, irrespective of whatever browser or user-agent string is being
> used.
> Without the payload (which the bank's site has delivered) the security
> of the browser is not compromised. If a password were to be obtained
> the bank is complicit in the action. I expect they would take
> responsibilty for this.
You were going fine until the last sentence...


Reply to: