W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2017

Re: Partial SOP Bypass via W3 Standards

From: Yan Zhu <yan@brave.com>
Date: Tue, 12 Sep 2017 20:07:39 +0000
Message-ID: <CAO04vJ9ymWOzXscWm0n962TXWEYNFsxuH2g3yNzHgpiCoQO9SQ@mail.gmail.com>
To: David Dworken <david@daviddworken.com>
Cc: public-webappsec@w3.org
For Brave, you can email me or file it at https://hackerone.com/brave.

On Sun, Sep 10, 2017 at 4:25 PM, David Dworken <david@daviddworken.com> wrote:
> Hi,
>
> I have discovered a partial SOP bypass that works in every browser due to a
> fundamental flaw in the W3 standards (for the time being, reach out to me
> individually if you need to see the proof of concept). Is this the correct
> place to open a discussion on how to fix or mitigate this flaw? Or is there
> a limited subset of trusted W3 members I should include in the discussion?
> Or should I send in bug reports to individual browser vendors?
>
> Thanks,
> David Dworken
Received on Tuesday, 12 September 2017 20:09:17 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:23 UTC