[tor-bugs] #2819 [Torbutton]: Removing JS hooks in FF4
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Mar 30 20:49:01 UTC 2011
#2819: Removing JS hooks in FF4
-----------------------+----------------------------------------------------
Reporter: gk | Owner: mikeperry
Type: defect | Status: new
Priority: major | Milestone:
Component: Torbutton | Version:
Keywords: | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Comment(by gk):
Thanks Robert. I somehow missed that. Anyway, I wanted to add that the
hooking method I mentioned above should protect as well against
Components.lookupMethod() calls. See:
[http://www.owasp.org/images/a/a3/Mario_Heiderich_OWASP_Sweden_Locking_the_throneroom.pdf]
Slide 24. Alas, I was not able to prevent Fleischer's
Components.lookupMethod() calls to unmask the screen values. But maybe I
was just not smart enough...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2819#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list