Simon Willison’s Weblog

We’ve found CSRF vulnerabilities in sites that have a huge incentive to do security correctly. If you’re in charge of a website and haven’t specifically protected against CSRF, chances are you’re vulnerable.

— Bill Zeller # 29th September 2008, 1:11 pm

Currently WebRunner applications share cookies with other WebRunner applications, but not with Firefox. WebRunner uses its own profile, not Firefox’s profile. There is a plan to allow WebRunner applications to create their own, private profiles as well.

— Mark Finkle # 30th September 2007, 4:08 pm