

Matryoshka: Wrapping Overflow Leak on Frames - sirdarckcat
http://sirdarckcat.blogspot.com/2013/09/matryoshka-wrapping-overflow-leak-on.html

======
mcphilip
Fascinating.

Is it correct to say that extracting information about the text in a target
iframe using this attack depends on knowing the pixel widths of all the
characters in the font used in an arbitrary line of text in the target iframe?

~~~
Perseids
It is even more complex as the width of a text in most fonts also varies with
the specific order of the characters because of kerning (VAI takes less space
than VIA, because the A is placed closer to the V in the former) and ligatures
(for example the dot of the i in "fi" is often swallowed by the f).
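The point above (that a rendered line's width is not simply the sum of per-character widths) can be shown with a toy shaping model. This is an added example, not code from the linked post; every metric in it (advance widths, the kerning pairs, the `fi` ligature width) is a constructed value for illustration and does not come from any real font:

```python
# Toy text-shaping model: why a line's pixel width is not the sum of per-glyph widths.
# All numbers below are constructed for illustration, not measured from a real font.

ADVANCE = {"A": 10, "V": 10, "I": 4, "f": 5, "i": 3}      # constructed advance widths (px)
KERNING = {("V", "A"): -2, ("A", "V"): -2}                   # constructed kerning adjustments (px)
LIGATURES = {"fi": 7}                                        # constructed: narrower than f + i (5 + 3)


def shape(text):
    """Substitute ligatures left to right (two-character longest match) and
    return the resulting glyph sequence."""
    glyphs = []
    i = 0
    while i < len(text):
        pair = text[i:i + 2]
        if pair in LIGATURES:
            glyphs.append(pair)
            i += 2
        else:
            glyphs.append(text[i])
            i += 1
    return glyphs


def width(text):
    """Shaped width: ligature substitution plus kerning between adjacent glyphs."""
    glyphs = shape(text)
    total = 0
    for idx, g in enumerate(glyphs):
        total += LIGATURES[g] if g in LIGATURES else ADVANCE[g]
        if idx > 0:
            total += KERNING.get((glyphs[idx - 1], g), 0)
    return total


def naive_width(text):
    """What a per-character lookup table would predict, ignoring kerning and ligatures."""
    return sum(ADVANCE[c] for c in text)


if __name__ == "__main__":
    for sample in ("VAI", "VIA", "fi", "AVA"):
        print(f"{sample!r}: shaped={width(sample)} px, naive={naive_width(sample)} px")
```

With these constructed metrics, "VAI" and "VIA" have the same naive width (24 px) but different shaped widths (22 px and 24 px), and "fi" shapes to 7 px rather than 8 px, so inferring text from an observed width requires the font's full shaping behaviour, not just a character-width table.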

------
guruz
From the headline, I first thought about the MKV video container and video
frames. :)

------
mylorse
Good thing I do not run Javascript, esp. when items are fetched from other
domains:

[http://postimg.org/image/3m9v8eyrx/](http://postimg.org/image/3m9v8eyrx/)

I wonder how many people are still naive, and just leave JS on, no
questions asked.

~~~
rspeer
Q: How do you know when an HN user browses the Web with JavaScript turned off?

A: They'll tell you.

------
rwmj
Could the browser make small fractional random changes (+/-1 px) to the
requested iframe size to avoid this attack?

