"SVG cross domain cookie vulnerability in Firefox" - https://insert-script.blogspot.se/2016/12/firefox-svg-cross-domain-cookie.html … -- Aaah, we should disallow 'Set-Cookie' as http-equiv! grrrr..
-
-
Replying to @dotchloe
Q: can you name a scenario where the attacker can exploit 'Set-Cookie' in http-equiv?
1 reply 0 retweets 0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.