On Thu, Jun 19, 2014 at 11:46 AM, Chris Karlof <[email protected]> wrote:
> > Ryan, we can keep framed content secure from the rest of the page. > > An attack that is enabled by having our auth in an iframe: A malicious site can position an invisible form over the iframe, and capture the keypress events for the password.
_______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
