W3C home > Mailing lists > Public > public-webcrypto@w3.org > April 2014

[Bug 25345] Set window.crypto and all properties of window.crypto writable to false

From: <bugzilla@jessica.w3.org>
Date: Tue, 15 Apr 2014 18:16:41 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25345-7213-vrX1YpeV04@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25345

--- Comment #6 from Boris Zbarsky <bzbarsky@mit.edu> ---
Comment 5 applied to the link from comment 3.  Looking at the link from comment
4, overriding String.fromCharCodeAt lets the attacker control
util.ByteBuffer.prototype.put*, and hence the entropy pool.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Tuesday, 15 April 2014 18:16:42 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:22 UTC