Just to see if we're on the same page, would a genuine sandbox count as a mitigation under your definition? (Because I view it as a hard security boundary, rather than a mitigation.)
-
-
We've seen vulnerabilities arising from both incorrect implementation of DOM APIs and incorrect IPC code. Of course the former are way more common, and that's why we sandbox. But it's a matter of degree, and hence fuzzy.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.