On Wed, Aug 3, 2016 at 2:37 PM, Robert O'Callahan <rob...@ocallahan.org> wrote:
> On Wed, Aug 3, 2016 at 4:10 PM, Michael Howell <michaelhowell...@gmail.com> wrote:
>
> > I can think of one advantage right now: by having script and layout in
> > separate processes, a compromised script thread doesn't automatically give
> > an attacker the ability to produce malformed display lists that draw
> > outside the tab boundary.
>
> Seems to me this can easily be prevented by clipping the display lists
> produced by content layout.

Even outside of compromised script threads, Firefox gets a steady trickle of bugs where somebody figures out how to get some content-controlled UI thing (like a context menu) to overlay privileged UI like the URL bar. These are usually fairly weak as far as spoofing attacks go, but I think it would be nice if banning content from overlaying chrome could be done, changing a front end bug from a possible exploit into a weird graphical glitch. UI designers might not like such a hard restriction, though.

Andrew

> Rob

_______________________________________________
dev-servo mailing list
dev-servo@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-servo
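
The clipping idea discussed in this thread, as an added example that is not part of the original messages and is not Servo's code: a trusted compositor intersects every display item received from the content process with the tab's content area before painting. The Rect and DisplayItem types, the function names and the window geometry are assumptions made for illustration.

```rust
// Added illustration: hypothetical types, not Servo's or WebRender's API.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Rect { pub x: i32, pub y: i32, pub w: u32, pub h: u32 }

impl Rect {
    /// Intersection with `clip`, or None when nothing remains visible.
    /// Edges are computed in i64 so an untrusted x + w cannot wrap around.
    pub fn intersect(&self, clip: &Rect) -> Option<Rect> {
        let left = (self.x as i64).max(clip.x as i64);
        let top = (self.y as i64).max(clip.y as i64);
        let right = (self.x as i64 + self.w as i64).min(clip.x as i64 + clip.w as i64);
        let bottom = (self.y as i64 + self.h as i64).min(clip.y as i64 + clip.h as i64);
        if right <= left || bottom <= top { return None; }
        // The result lies inside `clip`, so these casts cannot truncate.
        Some(Rect { x: left as i32, y: top as i32,
                    w: (right - left) as u32, h: (bottom - top) as u32 })
    }
}

#[derive(Clone, Debug, PartialEq)]
pub struct DisplayItem { pub bounds: Rect, pub label: &'static str }

/// Runs on the trusted side: items from the content process are cut down to
/// the content area, and items entirely outside it are dropped.
pub fn clip_display_list(items: &[DisplayItem], content_area: Rect) -> Vec<DisplayItem> {
    items.iter()
        .filter_map(|item| item.bounds.intersect(&content_area)
            .map(|bounds| DisplayItem { bounds, label: item.label }))
        .collect()
}

/// Constructed sample: a 1000x700 window whose top 80 pixels are browser chrome.
pub fn demo() -> Vec<DisplayItem> {
    let content_area = Rect { x: 0, y: 80, w: 1000, h: 620 };
    let untrusted = vec![
        DisplayItem { bounds: Rect { x: 10, y: 100, w: 200, h: 50 }, label: "paragraph" },
        DisplayItem { bounds: Rect { x: 0, y: 0, w: 1000, h: 80 }, label: "item-over-chrome" },
        DisplayItem { bounds: Rect { x: 300, y: 40, w: 100, h: 100 }, label: "menu" },
        DisplayItem { bounds: Rect { x: i32::MAX, y: 90, w: u32::MAX, h: 10 }, label: "overflow" },
    ];
    clip_display_list(&untrusted, content_area)
}

fn main() { for item in demo() { println!("{:?}", item); } }
```

With this check on the trusted side, an item placed over the chrome is dropped and one that straddles the boundary is cut at it, which is the "weird graphical glitch" outcome described above.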