Write-up of CVE-2015-1287 and CVE-2015-5826: Data exfiltration abusing CSS + UTF-16, one of my greatest findings!http://blog.innerht.ml/cross-origin-css-attacks-revisited-feat-utf-16/ …
@filedescriptor great work dude :) Any info on how fix(es) were implemented?
-
-
@avlidienbrunn thanks! Now documents with improper MIME cannot be imported as CSS cross-origin. Will add it to the blog -
@avlidienbrunn Updated. What's interesting is that only Safari 9 shows the error while Chrome doesn't
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.