On Jun 19, 2014, at 11:48 AM, Sean McArthur <[email protected]> wrote:
>
>
>
> On Thu, Jun 19, 2014 at 11:46 AM, Chris Karlof <[email protected]> wrote:
>
> Ryan, we can keep framed content secure from the rest of the page.
>
>
> An attack that is enabled by having our auth in an iframe: A malicious site
> can position an invisible form over the iframe, and capture the keypress
> events for the password.
>
yeah, we'd have to worry about clickjacking attacks.
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct
