Bypassing a 3 layer SVG sanitizer: Stored XSS in Mozilla
The bypass, the parser differential, and the missing write().
9 min read
Bug BountyMozillaXSSSVG
Blog
Writing
Notes on application security, automation, and secure engineering.
Blog
Notes on application security, automation, and secure engineering.