I highlighted this in my review comments in bug 1474651 but it was ignored. Right now we allow attackers to set cookies using document.cookie in 3rd party contexts.
Attachment #8992098 - Flags: review?(amarchesini) → review+
I couldn't land your patch. Ehsan: Please set the issues opened by the reviewer as fixed by commit so review board allows to land them. Thank you.
Pushed by email@example.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/5f39a82a042e Block setting cookies using document.cookie when restricting 3rd party storage; r=baku
(In reply to Eliza Balazs [:ebalazs_] from comment #3) > I couldn't land your patch. Ehsan: Please set the issues opened by the > reviewer as fixed by commit so review board allows to land them. Thank you. Hi Eliza, not sure what issue was the problem here, but looks like the right patch was pushed, so thanks a lot! Let me know if any further action is needed on my part. :-)
You need to log in before you can comment on or make changes to this bug.