<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Hi<br>
    <br>
    Can you confirm, that other platforms (Firefox, Android, Opera) are
    not affected?<br>
    You may forward this to the oss-security list and request a CVE.<br>
    <br>
    Regards,<br>
    Jonas<br>
    <br>
    <div class="moz-cite-prefix">Am 08.04.2016 um 23:50 schrieb William
      Budington:<br>
    </div>
    <blockquote cite="mid:20160408215003.GA13047@X1" type="cite">
      <pre wrap="">HTTPS Everywhere Chrome users: be advised that a security vulnerability has been found of moderate severity with versions <= 2016.3.23 of the extension.  This has been fixed as of the latest version, 2016.4.4, released earlier this week and available via the Chrome Web Store.[1]

The vulnerability, discovered by Dylan Katz[2], allows any remote website to cause the Chrome browser to hang indefinitely by triggering a redirect in HTTPS Everywhere with a specially-crafted URL.  We thank Dylan for reporting this to us and allowing us to fix it in a timely manner.

This was disclosed as a part of EFF's Security Vulnerability Disclosure Program[3], launched in December of last year.

1. <a class="moz-txt-link-freetext" href="https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp">https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp</a>
2. <a class="moz-txt-link-freetext" href="https://www.eff.org/security/hall-of-fame">https://www.eff.org/security/hall-of-fame</a>
3. <a class="moz-txt-link-freetext" href="https://www.eff.org/security">https://www.eff.org/security</a>
</pre>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
HTTPS-Everywhere mailing list
<a class="moz-txt-link-abbreviated" href="mailto:HTTPS-Everywhere@lists.eff.org">HTTPS-Everywhere@lists.eff.org</a>
<a class="moz-txt-link-freetext" href="https://lists.eff.org/mailman/listinfo/https-everywhere">https://lists.eff.org/mailman/listinfo/https-everywhere</a></pre>
    </blockquote>
    <br>
  </body>
</html>