124
edits
Security Severity Ratings/Client: Difference between revisions
Jump to navigation
Jump to search
tweaks
No edit summary |
(tweaks) |
||
| Line 47: | Line 47: | ||
* Techniques that put the browser into fullscreen mode without user interaction or while obscuring the notification | * Techniques that put the browser into fullscreen mode without user interaction or while obscuring the notification | ||
* Techniques that overlay the address bar with another piece of browser chrome to obscure it | * Techniques that overlay the address bar with another piece of browser chrome to obscure it | ||
* Private Browsing Mode data leaks discoverable in the Browser UI (excepting user-directed actions like Bookmarks/Permissions) | |||
* Private Browsing Mode data leaks to disk on Desktop | * Private Browsing Mode data leaks to disk on Desktop | ||
* Disclosure of OS username | * Disclosure of OS username | ||
| Line 60: | Line 61: | ||
|- | |- | ||
| | | | ||
* Private Browsing Mode data leaks to disk on Mobile | * Private Browsing Mode data leaks to disk on Mobile, excepting data cleaned on startup due to process reaping | ||
* Techniques that cause a JavaScript alert to be shown with a different domain in the address bar | * Techniques that cause a JavaScript alert to be shown with a different domain than the one in the address bar (or one of its nested browsing contexts) | ||
* Detection of a previous visit to a specific site, or when the affected site has a certain configuration | * Detection of a previous visit to a specific site, or when the affected site has a certain configuration | ||
* Identification of users by profiling browsing behavior. | * Identification of users by profiling browsing behavior. | ||