Re: Iceweasel updates

To: debian-user@lists.debian.org
Subject: Re: Iceweasel updates
From: Vincent Lefevre <vincent@vinc17.net>
Date: Mon, 2 Nov 2015 14:17:39 +0100
Message-id: <[🔎] 20151102131739.GC19485@zira.vinc17.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 02112015125815.146458a33a44@desktop.copernicus.demon.co.uk>
References: <[🔎] 1446466786.28233.3.camel@gmail.com> <[🔎] 20151102123543.1ca88f30@abydos.stargate.org.uk> <[🔎] 20151102124813.GA19485@zira.vinc17.org> <[🔎] 02112015125815.146458a33a44@desktop.copernicus.demon.co.uk>

On 2015-11-02 13:03:14 +0000, Brian wrote:
> The reason you advance is probably the one which bank's IT section would
> give if you asked them. Quite how a user's browser can compromise the
> security of the site itself is unlikely to be explained.

The user's browser cannot compromise the site itself. But a security
bug may permit an attacker to get the user's login and password, and
neither the bank nor the user would like this.

> The OP could look at
> 
>   https://wiki.debian.org/Iceweasel#User-Agent_string

Note that if the user tries to overrides the bank security decision
and has his bank account compromised, he will probably get the full
responsibility. I would definitely not recommend to do this.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to:

Follow-Ups:
- Re: Iceweasel updates
  - From: Brian <ad44@cityscape.co.uk>

References:
- Iceweasel updates
  - From: Jack Dangler <tdldev@gmail.com>
- Re: Iceweasel updates
  - From: Brad Rogers <brad@fineby.me.uk>
- Re: Iceweasel updates
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: Iceweasel updates
  - From: Brian <ad44@cityscape.co.uk>

Prev by Date: Re: Iceweasel updates
Next by Date: Re: Iceweasel updates
Previous by thread: Re: Iceweasel updates
Next by thread: Re: Iceweasel updates
Index(es):
- Date
- Thread