On 3/12/15 10:26 AM, Ehsan Akhgari wrote:
> Well, top level navigation cancels the fullscreen mode, right?

The attack scenario I'm thinking of is:

1) User loads http://a.com
2) Attacker immediately sets location to http://b.com
3) Attacker's hacked-up b.com goes fullscreen, pretending to still be a.com to the user by spoofing browser chrome, while also turning on the camera because the user granted permission to b.com to do that at some point.

That sort of thing.

-Boris
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
