https://bugzilla.wikimedia.org/show_bug.cgi?id=16822
--- Comment #10 from Aryeh Gregor <simetrical+wikib...@gmail.com> 2010-12-29 18:52:12 UTC --- (In reply to comment #8) > It’s more than “moderately annoying” [0]. You said it yourself: the images > could be replaced with something “malicious”. It’s more obvious how this could > be a security risk when you consider that images could be used by gadgets or > user scripts. The images are cross-origin, so they can do basically nothing different from if they were on some totally different site in a different tab. Gadgets and user scripts cannot (AFAIK) access the contents of upload.wikimedia.org files at all. Pretty much anything an attacker could do by MITMing these images, they could do by MITMing some unrelated site you have open, assuming you have at least one unsecured connection open. So that point is, yes, at most moderately annoying. The issues of replacing the scripts, and snooping on the images to figure out what pages you're viewing, are the significant ones. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
