All users were logged out of Bugzilla on October 13th, 2018

Frame Injection Flaw regressed and is visible in 1.8a milestone

RESOLVED DUPLICATE of bug 246448

Status

--
critical
RESOLVED DUPLICATE of bug 246448
15 years ago
14 years ago

People

(Reporter: smkatz, Assigned: p_ch)

Tracking

Trunk
x86
Windows XP

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a1) Gecko/20040520
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a1) Gecko/20040520

I tested Securina's test, and it worked perfectly on the 1.8a milestone despite
the fact that even Securina admits it only works up through 1.6, and users of
the forum say it was patched in 1.7

Reproducible: Didn't try
Steps to Reproduce:
1. Follow Securina's testcase


Actual Results:  
The test (described in the link provided) works, indicating a security
vulnerability. specifically, it injects content from the frontmost window into
another window with frames.

Expected Results:  
It seems to me this justifies a security warning. I see legitamete uses for
injecting content. Never in e-mail, and if done from one domain to the other it
should raise red flags.

Since this is public, I was not sure whether security applied, but am checking
it anyway.
>User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a1)
Gecko/20040520

1.8a1 is too old to contain the fix (it was released more than three weeks
before 1.7). this is fixed for alpha2 and in current nightly builds.

clearing security-sensitive flag, since the other bug is already public.

*** This bug has been marked as a duplicate of 246448 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.