User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a1) Gecko/20040520
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a1) Gecko/20040520

I tested Securina's test, and it worked perfectly on the 1.8a milestone despite the fact that even Securina admits it only works up through 1.6, and users of the forum say it was patched in 1.7.

Reproducible: Didn't try

Steps to Reproduce:
1. Follow Securina's testcase

Actual Results:
The test (described in the link provided) works, indicating a security vulnerability. Specifically, it injects content from the frontmost window into another window with frames.

Expected Results:
It seems to me this justifies a security warning. I see legitimate uses for injecting content. Never in e-mail, and if done from one domain to the other it should raise red flags.

Since this is public, I was not sure whether security applied, but am checking it anyway.
>User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a1) Gecko/20040520

1.8a1 is too old to contain the fix (it was released more than three weeks before 1.7). this is fixed for alpha2 and in current nightly builds.

clearing security-sensitive flag, since the other bug is already public.

*** This bug has been marked as a duplicate of 246448 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE