Re: Partial SOP Bypass via W3 Standards from Yan Zhu on 2017-09-12 (public-webappsec@w3.org from September 2017)

From: Yan Zhu <yan@brave.com>
Date: Tue, 12 Sep 2017 20:07:39 +0000
To: David Dworken <david@daviddworken.com>
Cc: public-webappsec@w3.org
Message-ID: <CAO04vJ9ymWOzXscWm0n962TXWEYNFsxuH2g3yNzHgpiCoQO9SQ@mail.gmail.com>

For Brave, you can email me or file it at https://hackerone.com/brave.

On Sun, Sep 10, 2017 at 4:25 PM, David Dworken <david@daviddworken.com> wrote:
> Hi,
>
> I have discovered a partial SOP bypass that works in every browser due to a
> fundamental flaw in the W3 standards (for the time being, reach out to me
> individually if you need to see the proof of concept). Is this the correct
> place to open a discussion on how to fix or mitigate this flaw? Or is there
> a limited subset of trusted W3 members I should include in the discussion?
> Or should I send in bug reports to individual browser vendors?
>
> Thanks,
> David Dworken

Received on Tuesday, 12 September 2017 20:09:17 UTC