Re: Iceweasel updates
On Mon, 2 Nov 2015 22:53:03 +0000
Brian <ad44@cityscape.co.uk> wrote:
>
> An attacker must inject a payload into a web page that the user
> visits. When the page loads in the user’s browser the attacker’s
> payload will be executed. A user would likely have no knowledge of
> this, irrespective of whatever browser or user-agent string is being
> used.
>
> Without the payload (which the bank's site has delivered) the security
> of the browser is not compromised. If a password were to be obtained
> the bank is complicit in the action. I expect they would take
> responsibilty for this.
>
>
You were going fine until the last sentence...
--
Joe
Reply to: