Partial SOP Bypass via W3 Standards

From: David Dworken <david@daviddworken.com>
Date: Sun, 10 Sep 2017 16:25:38 +0000
Message-ID: <CA+b2-LccfRAbGgDoZFWO=aCsPZg8hK=AeJMVEvKG2hg_Qzr=ew@mail.gmail.com>
To: public-webappsec@w3.org

Hi,

I have discovered a partial SOP bypass that works in every browser due to a
fundamental flaw in the W3 standards (for the time being, reach out to me
individually if you need to see the proof of concept). Is this the correct
place to open a discussion on how to fix or mitigate this flaw? Or is there
a limited subset of trusted W3 members I should include in the discussion?
Or should I send in bug reports to individual browser vendors?

Thanks,
David Dworken
Received on Monday, 11 September 2017 14:05:39 UTC
