5 comments

[ 3.5 ms ] story [ 27.2 ms ] thread
Title seems misleading. The same-origin bypass is via Flash. The Firefox portion is having a funky URL/hostname, which Flash then uses (edit: mis-parses).
Very interesting exploit. I wonder what else is affected by IP addresses parsing issues.