On Thu, Sep 18, 2014, at 11:57 AM, Adam Kruger wrote: Hey folks. Just wondering what you guys are planning to do about this in Orweb. Orweb only allows on window at a time, and no tabs. I need to dig deeper into the bug, but my hope was that we aren't vulnerable because of that. We're planning a release of Psiphon to disable JavaScript entirely (with no option for it to be enabled) in our built-in browser on Android 3.0 through 4.3 ([1]https://bitbucket.org/psiphon/psiphon-circumvention-system/ branch/CVE-2014-6041-mitigation). We haven't seen an authoritative list of affected Android versions, but in our own testing we found that 2.2 and 2.3 aren't vulnerable. It seems pretty harsh but we don't have any better ideas to prevent our users from having an unsafe Internet experience. Have you seen our work on Orfox? I think we are going to accelerate a release there, and kill off all of our WebView based efforts. References 1. https://bitbucket.org/psiphon/psiphon-circumvention-system/branch/CVE-2014-6041-mitigation
_______________________________________________ Guardian-dev mailing list Post: [email protected] List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: [email protected] Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/archive%40mail-archive.com You are subscribed as: [email protected]
