Bugzilla – Bug 4853
security audit of the HTML client
Last modified: 2014-10-06 15:49:01
You need to
before you can comment on or make changes to this bug.
Now that we will be exposing our tlstunnel/webserver code to the evils of the
unfiltered internet, we probably need to have a more rigorous look through the
code to make sure we don't have any obvious security issues. We should also
make sure that it is properly robust against various denial of service attacks.
We need to validate input we get from the browser and from the user. Some of
this work has been done as part of bug 4840 but a more thorough look is needed.
I've opened new bugs for all issues I've found, but I could find no more in the
time spent on this bug. I've created bug 5263 about mitigating denial of
Since all issues got new reported as new bugs, there is nothing to test on this