Closed Bug 249770 Opened 20 years ago Closed 20 years ago

Frame Injection Flaw regressed and is visible in 1.8a milestone

Categories

(SeaMonkey :: Bookmarks & History, defect)

x86
Windows XP
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 246448

People

(Reporter: smkatz, Assigned: p_ch)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a1) Gecko/20040520
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a1) Gecko/20040520

I tested Securina's test, and it worked perfectly on the 1.8a milestone, despite the fact that even Securina admits it only works up through 1.6, and users of the forum say it was patched in 1.7.

Reproducible: Didn't try

Steps to Reproduce:
1. Follow Securina's testcase

Actual Results:
The test (described in the link provided) works, indicating a security vulnerability. Specifically, it injects content from the frontmost window into another window with frames.

Expected Results:
It seems to me this justifies a security warning. I see legitimate uses for injecting content. Never in e-mail, and if done from one domain to the other it should raise red flags. Since this is public, I was not sure whether security applied, but am checking it anyway.
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a1) Gecko/20040520

1.8a1 is too old to contain the fix (it was released more than three weeks before 1.7). This is fixed for alpha2 and in current nightly builds.

Clearing security-sensitive flag, since the other bug is already public.

*** This bug has been marked as a duplicate of 246448 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Product: Browser → Seamonkey