[DOMPurify Security] New Release Version 0.8.9 (Security Issue)

Security Announcements for DOMPurify and related tools dompurify-security at lists.ruhr-uni-bochum.de
Wed May 3 08:53:32 CEST 2017


A new version of DOMPurify was released today: DOMPurify 0.8.9


DOMPurify showed weaknesses when handling both the recent Safari
DOMParser XSS and a Firefox mXSS when working with document.write().

Caused by a broken logical check, not all browser bugs were being worked
around correctly.


DOMPurify now performs better checks to mitigate both the Safari
DOMParser XSS and a Firefox mXSS when using document.write().


Updated packages are available here:


Fon    +49 1520 8675782
PGP    0xD33441A8
S/MIME kuix.de/smime-keyserver/

cure53.de || mario.heideri.ch || 0x6D6172696F

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ruhr-uni-bochum.de/pipermail/dompurify-security/attachments/20170503/55db9be2/attachment.sig>

More information about the DOMPurify-Security mailing list