Closed masatokinugawa closed 2 months ago
This is an interesting one, I'm glad it is documented. However, requiring special permissions is considered out of scope here, as LavaDome is by definition vulnerable to higher privileged entities (e.g. extensions, web-drivers, special permissions, etc). Closing.
Although it requires user interaction, this might be one to keep in mind as a possible attack.