[tor-talk] Tor security advisory: Old Tor Browser Bundles vulnerable
Lars Noodén
lars.nooden at gmail.com
Mon Aug 5 16:02:26 UTC 2013
On 08/05/2013 06:13 PM, Roger Dingledine wrote:
> And finally, be aware that many other vectors remain for vulnerabilities
> in Firefox. JavaScript is one big vector for attack, but many other
> big vectors exist, like css, svg, xml, the renderer, etc.
If I understand it is possible to embed scripts inside SVG and the
decision currently is either to display SVG with any scripts it might
have or else not display any SVG at all. It would be great to be able
to use SVG but with the possibility of embedded scripts turned off.
Regards,
/Lars
More information about the tor-talk
mailing list