Bug 1428473 Comment 18 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Original comment by

Hanno Boeck

on 2019-01-06 09:17:29 PST

(Hidden by Administrator)

Revision 1 by

Frederik Braun [:freddy] (OOO - Back April 8th)

on 2019-08-15 00:10:48 PDT

Just FYI, I plan to make a larger disclosure on mime type issues in early February.

I consider the fact that XCTO nosniff does not disable HTML sniffing a security flaw. The spec may say so, but this heavily violates expectations and opens up practical XSS attacks (see e.g. bug 1509518).

Back to Bug 1428473 Comment 18