XSS vulnerability in Firefox via a SVG image (tutanota.com)
X_Cli to Security · 3 years ago
The attack scenario is not very realistic, but the details of the attack and why it caused an XSS are fascinating.
X_Cli (OP) · 3 years ago
IMO, blob URLs should be completely disabled. They are the main issue here, because they are executed in the context of the origin that created the blob in the first place.
https://github.com/whatwg/url/issues/127