[Secure-testing-team] Bug#532520 predictable random number generator used in web browsers
Michael S. Gilbert
michael.s.gilbert at gmail.com
Fri Jun 26 00:18:42 UTC 2009
On Thu, 25 Jun 2009 22:33:10 +0000 Moritz Muehlenhoff wrote:
> lynx supports neither Javascript nor multipart/form-data, so it's not
> affected.
i am trying to track the deeper cause here (the fact that all of the
web browsers use a predictable PRNG), rather than the symptom (this
particular exploit in javascript/forms).
i would prefer to keep these bugs open and tracked at a low level until
this core problem is addressed. since you are triaging the symptom,
may i request that you open new bugs specifically for that problem
itself rather than overriding my submissions? thanks for understanding.
mike
More information about the Secure-testing-team
mailing list