Brian Jason Drake <> changed:

           What    |Removed                     |Added
                 CC|                            |

--- Comment #8 from Brian Jason Drake <> 2010-12-29 16:24:49 UTC ---
(In reply to comment #0)
> Currently we pull images (and CentralNotice JS) from
> even for pages accessed over SSL on
> [snip]
> 2) A MITM attacker could replace your images with something malicious/nasty
> (moderately annoying)
> [snip]

It’s more than “moderately annoying” [0]. You said it yourself: the images
could be replaced with something “malicious”. It’s more obvious how this could
be a security risk when you consider that images could be used by gadgets or
user scripts.

[0] “How to Deploy HTTPS Correctly”
<> (“Mixed Content”
