gecko-dev

Граф коммитов

Автор	SHA1	Сообщение	Дата
Alex Catarineu	bc96439261	Bug 461204 - Improve the random number generator for the boundaries in multipart/form-data r=smaug Using a weak RNG for the form boundary allows a website operator to perform several attacks on users (as outlined in https://trac.torproject.org/projects/tor/ticket/22919) These include: - Identifying Windows users based on the unseeded RNG - Identify the number of form submissions that have occurred cross-origin between same-origin submissions Additionally, a predictable boundary makes it possible to forge a boundary in the middle of a file upload. Differential Revision: https://phabricator.services.mozilla.com/D56056 --HG-- extra : moz-landing-system : lando	2020-01-13 20:41:14 +00:00
Sylvestre Ledru	265e672179	Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format # ignore-this-changeset --HG-- extra : amend_source : 4d301d3b0b8711c4692392aa76088ba7fd7d1022	2018-11-30 11:46:48 +01:00
Chris Martin	6f57bf69b4	Bug 1402282 - Move CSPRNG logic to common area r=froydnj The logic in JSMath for generating cryptographically-secure pseudorandom numbers without NSS is independently useful, and so it's been moved to a common area. It will eventually be used for generated random arena ids. Differential Revision: https://phabricator.services.mozilla.com/D8597 --HG-- extra : moz-landing-system : lando	2018-10-25 18:00:15 +00:00

Автор

SHA1

Сообщение

Дата

Alex Catarineu

bc96439261

Bug 461204 - Improve the random number generator for the boundaries in multipart/form-data r=smaug

Using a weak RNG for the form boundary allows a website operator to perform several
attacks on users (as outlined in https://trac.torproject.org/projects/tor/ticket/22919)

These include:
 - Identifying Windows users based on the unseeded RNG
 - Identify the number of form submissions that have occurred cross-origin between same-origin submissions

Additionally, a predictable boundary makes it possible to forge a boundary in the middle
of a file upload.

Differential Revision: https://phabricator.services.mozilla.com/D56056

--HG--
extra : moz-landing-system : lando

2020-01-13 20:41:14 +00:00

Sylvestre Ledru

265e672179

Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format

# ignore-this-changeset

--HG--
extra : amend_source : 4d301d3b0b8711c4692392aa76088ba7fd7d1022

2018-11-30 11:46:48 +01:00

Chris Martin

6f57bf69b4

Bug 1402282 - Move CSPRNG logic to common area r=froydnj

The logic in JSMath for generating cryptographically-secure
pseudorandom numbers without NSS is independently useful, and so
it's been moved to a common area.

It will eventually be used for generated random arena ids.

Differential Revision: https://phabricator.services.mozilla.com/D8597

--HG--
extra : moz-landing-system : lando

2018-10-25 18:00:15 +00:00

3 Коммитов