Using a weak RNG for the form boundary allows a website operator to perform several
attacks on users (as outlined in https://trac.torproject.org/projects/tor/ticket/22919)
These include:
- Identifying Windows users based on the unseeded RNG
- Identify the number of form submissions that have occurred cross-origin between same-origin submissions
Additionally, a predictable boundary makes it possible to forge a boundary in the middle
of a file upload.
Differential Revision: https://phabricator.services.mozilla.com/D56056
--HG--
extra : moz-landing-system : lando
The logic in JSMath for generating cryptographically-secure
pseudorandom numbers without NSS is independently useful, and so
it's been moved to a common area.
It will eventually be used for generated random arena ids.
Differential Revision: https://phabricator.services.mozilla.com/D8597
--HG--
extra : moz-landing-system : lando
Alex Catarineu
Ehsan Akhgari
Sylvestre Ledru
Chris Martin