On Thursday, March 1, 2018 at 2:43:05 PM UTC-5, Tom wrote: > > Therefore, it is not unreasonable to assume that this key has been > > compromised. > > > So it means that any private keys generated on that website could be > compromised: > - If any third-party JS were compromised (and we know how insecure > js-based ads are - last time it was a crypto miner on youtube) > - If they were stored on the compromised server > - If a trojan were installed on the compromised server > - If somebody MitM the server > > Or am I missing something ?
That seems rather comprehensive. Any number of vectors could have caused a key leak. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy