Comment 10 for bug 991982

Marc Deslauriers (mdeslaur) wrote :

After testing the fix in this bug, it doesn't appear to be enough to solve the issue. The ssl cert is not being checked, which means a MITM can still alter the contents of the twitter feed.

Since the twitter feed can be altered, it is likely that javascript can still be injected in other fields of the feed.