Comment 9 for bug 1447679

Revision history for this message
Jeremy Stanley (fungi) wrote :

Tristan: C1 probably. There is plenty an attacker can do if they have access to someone's browser history, and as already pointed out they would need to exploit it before the session validity expires (10 minutes by default). This falls squarely in the realm of impracticality.

I recommend we switch this to a normal bug report on Monday unless there are objections to the contrary before then.