heartbleed

Heartbleed was a C bug, not a web bug

CVE-2014-0160 was an out-of-bounds read in OpenSSL C, not a JavaScript flaw. The real mechanism, the network-only telemetry gap, and what survived the patch.