Brian May <b...@debian.org> writes: > I am still a bit unclear in the CVE-2016-4412 / PMASA-2016-57 > vulnerability. Ok, so lets say the vulnerability is in the HTTP_REFERER > having the token.
Curiously while I can reproduce this in Firefox, I can't under Chrome, as it doesn't seem to provide the Referer header in this situation. -- Brian May <b...@debian.org>
