canmove, Confirmed users
1,567
edits
Extension Manager:Addon Update Security: Difference between revisions
Jump to navigation
Jump to search
Extension Manager:Addon Update Security (view source)
Revision as of 21:13, 28 June 2007
, 28 June 2007no edit summary
No edit summary |
|||
| Line 23: | Line 23: | ||
Currently there are no requirements placed on these urls. They can both be insecure http which allows methods of compromising either the update manifest or the update package. A demonstration of one form of compromise is [http://paranoia.dubfire.net/2007/05/remote-vulnerability-in-firefox.html already public]. | Currently there are no requirements placed on these urls. They can both be insecure http which allows methods of compromising either the update manifest or the update package. A demonstration of one form of compromise is [http://paranoia.dubfire.net/2007/05/remote-vulnerability-in-firefox.html already public]. | ||
== Proposed Implementation == | == Proposed Implementation == | ||