Looking at bug 1094835, I think we should add bmoattachments.org to the Public Suffix List to disallow sharing of cookies between potentially malicious attachments and other information? CCing glob to weigh in (or not) (I was reminded of this by looking at https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-zheng-updated.pdf)
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WORKSFORME
Summary: Add h to the Public Suffix List → Add bmoattachments.org to the Public Suffix List
You need to log in before you can comment on or make changes to this bug.