I can confirm this does not affect HTTPS Everywhere for Android or Firefox. HTTPS Everywhere for Opera is essentially the same addon as for Chrome, so I have't tested Opera but if it was affected it has been fixed now.
Hope this helps! Bill Budington Software Engineer Electronic Frontier Foundation https://www.eff.org/ On Sat, 09 Apr 2016 00:09:11 +0200, [email protected] wrote: > Hi > > Can you confirm, that other platforms (Firefox, Android, Opera) are not > affected? > You may forward this to the oss-security list and request a CVE. > > Regards, > Jonas > > Am 08.04.2016 um 23:50 schrieb William Budington: > > HTTPS Everywhere Chrome users: be advised that a security vulnerability has > > been found of moderate severity with versions <= 2016.3.23 of the > > extension. This has been fixed as of the latest version, 2016.4.4, > > released earlier this week and available via the Chrome Web Store.[1] > > > > The vulnerability, discovered by Dylan Katz[2], allows any remote website > > to cause the Chrome browser to hang indefinitely by triggering a redirect > > in HTTPS Everywhere with a specially-crafted URL. We thank Dylan for > > reporting this to us and allowing us to fix it in a timely manner. > > > > This was disclosed as a part of EFF's Security Vulnerability Disclosure > > Program[3], launched in December of last year. > > > > 1. > > https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp > > 2. https://www.eff.org/security/hall-of-fame > > 3. https://www.eff.org/security > > > > > > _______________________________________________ > > HTTPS-Everywhere mailing list > > [email protected] > > https://lists.eff.org/mailman/listinfo/https-everywhere > > _______________________________________________ > HTTPS-Everywhere mailing list > [email protected] > https://lists.eff.org/mailman/listinfo/https-everywhere
signature.asc
Description: Digital signature
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
