<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi<br>
<br>
Can you confirm, that other platforms (Firefox, Android, Opera) are
not affected?<br>
You may forward this to the oss-security list and request a CVE.<br>
<br>
Regards,<br>
Jonas<br>
<br>
<div class="moz-cite-prefix">Am 08.04.2016 um 23:50 schrieb William
Budington:<br>
</div>
<blockquote cite="mid:20160408215003.GA13047@X1" type="cite">
<pre wrap="">HTTPS Everywhere Chrome users: be advised that a security vulnerability has been found of moderate severity with versions <= 2016.3.23 of the extension. This has been fixed as of the latest version, 2016.4.4, released earlier this week and available via the Chrome Web Store.[1]
The vulnerability, discovered by Dylan Katz[2], allows any remote website to cause the Chrome browser to hang indefinitely by triggering a redirect in HTTPS Everywhere with a specially-crafted URL. We thank Dylan for reporting this to us and allowing us to fix it in a timely manner.
This was disclosed as a part of EFF's Security Vulnerability Disclosure Program[3], launched in December of last year.
1. <a class="moz-txt-link-freetext" href="https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp">https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp</a>
2. <a class="moz-txt-link-freetext" href="https://www.eff.org/security/hall-of-fame">https://www.eff.org/security/hall-of-fame</a>
3. <a class="moz-txt-link-freetext" href="https://www.eff.org/security">https://www.eff.org/security</a>
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
HTTPS-Everywhere mailing list
<a class="moz-txt-link-abbreviated" href="mailto:HTTPS-Everywhere@lists.eff.org">HTTPS-Everywhere@lists.eff.org</a>
<a class="moz-txt-link-freetext" href="https://lists.eff.org/mailman/listinfo/https-everywhere">https://lists.eff.org/mailman/listinfo/https-everywhere</a></pre>
</blockquote>
<br>
</body>
</html>