[CentOS] C5 : Firefox 38 bug
Jonathan Billings
billings at negate.orgFri Jun 12 19:51:06 UTC 2015
- Previous message: [CentOS] C5 : Firefox 38 bug
- Next message: [CentOS] C5 : Firefox 38 bug
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, Jun 12, 2015 at 03:43:11PM -0400, Jonathan Billings wrote: > Its technically true, however, XSS attacks can get around that > restriction, which is why you saw so much malware posted on a site > like googleusercontent.com. Sites that allow users to upload content > are always being used to host malware for XSS attacks. But you still > need to be visiting a site with the same domain as the cookie, and > load a compromised page. Plus, if you use HttpOnly cookies, you > have to go through even more complex XSS exploits to get at the > cookie, since they aren't accessible through the DOM model. I should add that the exploits are constantly being addressed by both Web Browser developers as well as developers of extensions like NoScript. Its an arms race. -- Jonathan Billings <billings at negate.org>
- Previous message: [CentOS] C5 : Firefox 38 bug
- Next message: [CentOS] C5 : Firefox 38 bug
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list