Nextcloud: Federated editing allows iframing possibly malicious remotes

So this attack is less likely now that you killed the trusted server auto adding. But as far as I could tell you did not clear out old servers. Let me first describe the attack: 1. UserA on ServerA sends a federated share to userB on serverB 2. Assume serverA and serverB are trusted servers 3. No...

LastPass Credential Leak From Previous Site

lastpass: bypassing dopopupregister leaks credentials from previous site I noticed that you can create a popup without calling dopopupregister by iframing popupfilltab.html i.e. via moz-extension, ms-browser-extension, chrome-extension, etc. It's a valid webaccessibleresource. Because...