top | item 38020695

(no title)

missblit | 2 years ago

Besides windows.open I'd wonder if iframes could also be vulnerable if they launch in the same process.

Chrome and Firefox both support Out-Of-Process Iframes as part of their security setup; though I'm not sure if Firefox has it enabled by default yet. Firefox even drew some lovely pictures about it here: https://hacks.mozilla.org/2021/05/introducing-firefox-new-si...

discuss

No comments yet.