Blog Archive 2016 JetBrains IDE Remote Code Execution and Local File Disclosure Aug 15 2016 2015 Leaking Clipboard Contents With Flash: Let’s Explore User-Initiated Actions! Aug 02 2015 2014 Seizing Control of Yahoo! Mail Cross-Origin… Again Dec 09 2014 Spooky Sanitization Stories: Analyzing the XSS Flaw in Reddit Enhancement Suite Apr 12 2014 Yahoo’s Pet Show of Horrors: Leaking a User’s Emails Crossdomain Mar 01 2014 What’s That Smell? Sniffing Cross-origin Frame Content in Firefox Using Timing Attacks Feb 05 2014 2013 Abusing NoScript’s Global Whitelist Rules to Reveal Trusted Sites (the Easy Way) Dec 18 2013 Bypassing RequestPolicy’s Whitelist Using the Jar: URI Scheme Nov 29 2013