Hey Jordan. Thanks for the feedback – I'll pass this on to Matt, who's on the security team. - Mike (:mcomella)
On Sat, Jul 9, 2016 at 6:06 AM, Jordan Johnston <johnstonljor...@gmail.com> wrote: > Hi, > > Recently, I watched a blackhat conference talk on youtube entitled > "Bypassing Browser Security Policies For Fun And Profit", found here: > > https://www.youtube.com/watch?v=P5R4KeCzO-Q > > It would seem that many mobile browsers are susceptible to these types of > attacks and I was curious how fennec (built from source a couple of days > ago) stacked up and if it would be vulnerable to the Same Origin Policy > bypass issues discussed in the talk. I went ahead and downloaded the > SOP-Bypass-Mini-Test-Suite from github, found here: > > https://github.com/rafaybaloch/SOP-Bypass-Mini-Test-Suite > > Fennec did pass many tests, but there did seem to be a number of tests > that it did fail. I'm definitely not the person to address these issues, > but I thought I might point it out, as maybe someone within mozilla working > on mobile, might be interested in having a look. > > anyway, I just thought I would point it out. > > Thanks and take care > > Jordan > > > > > > _______________________________________________ > mobile-firefox-dev mailing list > mobile-firefox-dev@mozilla.org > https://mail.mozilla.org/listinfo/mobile-firefox-dev > >
_______________________________________________ mobile-firefox-dev mailing list mobile-firefox-dev@mozilla.org https://mail.mozilla.org/listinfo/mobile-firefox-dev
