[tahoe-lafs-trac-stream] [tahoe-lafs] #1859: Proof-of-concept attack: Upload and execute attacker controlled js from any domain.
tahoe-lafs
trac at tahoe-lafs.org
Thu Nov 15 17:44:07 UTC 2012
#1859: Proof-of-concept attack: Upload and execute attacker controlled js from any
domain.
--------------------------------+-------------------------------------------------
Reporter: nejucomo              | Owner: davidsarah
Type: defect                    | Status: new
Priority: major                 | Milestone: undecided
Component: code-frontend-web    | Version: 1.9.2
Resolution:                     | Keywords: security javascript same-origin capleak
Launchpad Bug:                  |
--------------------------------+-------------------------------------------------
Comment (by nejucomo):
Users are *probably not vulnerable* to:
* Having their data read by the attacker (because there's no known way to
discover the victim's caps without phishing).
* Having their data overwritten.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1859#comment:8>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage