Yeah but it's meaningless to non-mozilla-developers. WTF is a "chrome-privileged document"? Is the attack vector websites or browser extensions? Does attacker get host code exec or just some kind of priv bypass in the browser?
-
-
Valid chrome URLs should be maintained in a whitelist, which also holds the mapping to the corresponding file:// URL. I don't see (yet) how this could be tricked. Also, the commit doesn't look like _that_ is the case. In the other hand, CERT usualy know what they're talking about
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
True.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.