https://bugzilla.wikimedia.org/show_bug.cgi?id=48931
--- Comment #2 from Chris Steipp <[email protected]> --- (In reply to comment #0) > * An evil script could manipulate the password/email. > ** Password and email are now on their own special pages (and scripts aren't > and shouldn't be loaded there for exactly that reason). I think the more likely attack is that the evil script changes the links to those pages, shows a fake form, which then ships the password off to the attacker. Of course, once an evil script has taken over the user's UI, they can just change the preferences link, so it's really not that much less secure. But it's one more obstacle for the attacker. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
