Reporting Security-sensitive NoScript bugs.

Bug reports and enhancement requests

Reporting Security-sensitive NoScript bugs.

Postby Giorgio Maone » Wed Oct 22, 2014 9:21 pm

If you discover an issue which may be exploited to weaken any of the security guarantees NoScript users rely upon (e.g. a XSS or ABE bypass, or a way to execute active content on a forbidden page) please report it privately, either by private messaging on this forum or (preferred) by sending a PGP-encrypted email to Giorgio Maone.

A fix will be released within 24 hours in the beta channel, and if validated will be pushed to the stable channel. Please keep your finding embargoed at least one week, until the vast majority of NoScript users are reached by the automatic update.

Thank you!
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
User avatar
Giorgio Maone
Site Admin
 
Posts: 8119
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: Reporting Security-sensitive NoScript bugs.

Postby barbaz » Wed Apr 15, 2015 11:33 pm

Locking because this isn't intended for discussion and the spammers have discovered this.
*Always* check the changelogs BEFORE updating that important software!
Board search is currently partially broken: https://forums.informaction.com/viewtopic.php?f=14&t=21752
Workaround: use your favorite search engine, add site:forums.informaction.com to your query
-
barbaz
Senior Member
 
Posts: 7094
Joined: Sat Aug 03, 2013 5:45 pm


Return to NoScript Development

Who is online

Users browsing this forum: No registered users and 3 guests