ThreatPinchLookup icon indicating copy to clipboard operation
ThreatPinchLookup copied to clipboard
verified publisher icon cloudtracer

Security issues: old libraries, CSP...

Open juju4 opened this issue 4 years ago • 0 comments

Uncertain if still maintained but there are multiple issues identified from https://crxcavator.io/report/ljdgplocfnmnofbhpkjclbefmjoikgke/3.0.6

  • many vulnerabilities associated to retirejs: bootstrap, jquery, moment, background
  • permissive content-security policy. something like https://github.com/ninoseki/mitaka/pull/477/files would help
  • less rated but possible entry points, external javascript on https://oss.maxcdn.com

Would be great to fix. Thanks!

juju4 avatar Feb 20 '21 15:02 juju4