[guardian-dev] Android WebView SOP vulnerability (CVE-2014-6041)
Adam Kruger
a.kruger at psiphon.ca
Thu Sep 18 15:26:07 EDT 2014
On Thu Sep 18 2014 at 15:01:21, Nathan of Guardian wrote:
> Orweb only allows on window at a time, and no tabs. I need to
> dig deeper into the bug, but my hope was that we aren't
> vulnerable because of that.
>
> Our understanding is that content in iframes could violate SOP, so even
with one browser window/tab at a time there is a problem.
> Have you seen our work on Orfox? I think we are going to
> accelerate a release there, and kill off all of our WebView
> based efforts.
>
> Yes. I'm looking forward to seeing an Orfox release.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20140918/2e8100d8/attachment.html>
More information about the Guardian-dev
mailing list