Auth related images are the attack vector, that and history attacks on same domain.
On Tue, Apr 25, 2017 at 11:17 PM, Salvador de la Puente < sdelapue...@mozilla.com> wrote: > Sorry for my ignorance but, in the case of Stealing cross-origin resources, > I don't get the point of the attack. If have the ability to embed the image > in step 1, why to not simply send this to evil.com for further processing? > How it is possible for evil.com to get access to protected resources? > > On Tue, Apr 25, 2017 at 8:04 PM, Ehsan Akhgari <ehsan.akhg...@gmail.com> > wrote: > > > On 04/25/2017 10:25 AM, Andrew Overholt wrote: > > > >> On Tue, Apr 25, 2017 at 9:35 AM, Eric Rescorla <e...@rtfm.com> wrote: > >> > >> Going back to Jonathan's (I think) question. Does anyone use this at all > >>> in > >>> the field? > >>> > >>> Chrome's usage metrics say <= 0.0001% of page loads: > >> https://www.chromestatus.com/metrics/feature/popularity#Ambi > >> entLightSensorConstructor. > >> > > > > This is the new version of the spec which we don't ship. > > > > > > We are going to collect telemetry in > >> https://bugzilla.mozilla.org/show_bug.cgi?id=1359124. > >> _______________________________________________ > >> dev-platform mailing list > >> dev-platform@lists.mozilla.org > >> https://lists.mozilla.org/listinfo/dev-platform > >> > > > > _______________________________________________ > > dev-platform mailing list > > dev-platform@lists.mozilla.org > > https://lists.mozilla.org/listinfo/dev-platform > > > > > > -- > <salva /> > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
