On Wed, Aug 21, 2019 at 7:40 PM Sebastian Streich wrote:
> Estimated or target release: Firefox 70
The plan is to enable this on Firefox 72 Nightly to see if there's any
fallout that needs addressing. It will not ride the trains. This is
tracked by https://bugzilla.mozilla.org/show_bug.cgi?id
On Thursday, August 22, 2019 at 11:26:55 AM UTC+9, Martin Thomson wrote:
> Hi Sebastian,
>
> I'm glad to see us moving toward having better isolation in this way.
>
> In discussions of this sort of keying strategy, the guidance I repeatedly
> hear is that "double-keying" isn't sufficient and that
On Thu, Aug 22, 2019 at 4:26 AM Martin Thomson wrote:
> What is the tuple we're keying on?
Top-level origin only. This still allows C to attack B in your
scenario (or vice versa). There's a variety of other side channel
attacks on " sites" too, including various members of the
Window object, hist
Hi Sebastian,
I'm glad to see us moving toward having better isolation in this way.
In discussions of this sort of keying strategy, the guidance I repeatedly
hear is that "double-keying" isn't sufficient and that you need to key on
the chain of origins. That is, if A frames B and C, and B in tur
4 matches
Mail list logo