Yeah but it's meaningless to non-mozilla-developers. WTF is a "chrome-privileged document"? Is the attack vector websites or browser extensions? Does attacker get host code exec or just some kind of priv bypass in the browser?
-
-
That's the key question. I'm still trying to grasp. But that is, what the statement by the German CERT says: https://www.cert-bund.de/advisoryshort/CB-K18-0193 …
-
If that's actually possible, the flaws here are far deeper than this CVE.
-
True.
End of conversation
New conversation -
-
-
I thought access would be restricted to http(s)://, file://, data:// and resource:// (plus mobile deeplink schemes).
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.