183
edits
m (Remove outdated section) Tags: Mobile web edit Mobile edit |
|||
(One intermediate revision by one other user not shown) | |||
Line 8: | Line 8: | ||
In the long term, Carbons+MAM might be replaced/updated by some common mechanism that also ensures that a client knows the MAM-ID of sent messages. | In the long term, Carbons+MAM might be replaced/updated by some common mechanism that also ensures that a client knows the MAM-ID of sent messages. | ||
= Client-Side Processing = | = Client-Side Processing = | ||
Line 19: | Line 15: | ||
* [https://op-co.de/tmp/CVE-2017-5589.html CVE-2017-5589+ Multiple XMPP Clients User Impersonation Vulnerability] | * [https://op-co.de/tmp/CVE-2017-5589.html CVE-2017-5589+ Multiple XMPP Clients User Impersonation Vulnerability] | ||
* [https://gultsch.de/dino_multiple.html CVE-2019-16235+ Multiple Vulnerabilities found in Dino] | * [https://gultsch.de/dino_multiple.html CVE-2019-16235+ Multiple Vulnerabilities found in Dino] | ||
* [https://monal.im/blog/cve-2020-26547/ CVE-2020-26547 Missing verification of origin of Carbons in Monal] | |||
Before processing a Carbon, the client must determine whether the message was a MUC-PM or a regular chat message (this might require an IQ round-trip to the sending entity). | Before processing a Carbon, the client must determine whether the message was a MUC-PM or a regular chat message (this might require an IQ round-trip to the sending entity). |
edits