Hacker News new | comments | show | ask | jobs | submit login
Publicly-disclosed UXSS flaw was exploited against Opera users for over 2 years (eligrey.com)
18 points by Sephr 9 months ago | hide | past | web | favorite | 4 comments

Can someone ELI5 what the flaw was and what is possible using this flaw?

Any referred domain had full access to the referring domain (even across multiple redirects).

This means badsite.example can have access to your Google account just from clicking on a Google search result. I made an exploit that worked on Twitter and Reddit to retweet/upvote/etc.

During the period 2010-2012.

Correct. I wanted to include that, but I couldn't fit it in the 80 character title limit.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact