Closed
Bug 254921
Opened 20 years ago
Closed 19 years ago
Camino Trunk is vulnerable to frame spoofing
Categories
(Camino Graveyard :: General, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
Camino0.9
People
(Reporter: Usul, Assigned: jaas)
References
()
Details
(Keywords: regression, Whiteboard: [sg:fix])
Camino nightlies are vulnerable to this frame spoof. Camino Branch 0.8 is not. seems related to http://bugzilla.mozilla.org/show_bug.cgi?id=246448 adding jst in cc because he fixed the above bug.
Comment 1•20 years ago
|
||
Widely published bug (see URL), no need for the confidential flag.
Group: security
Whiteboard: [sg:fix]
Reporter | ||
Comment 2•20 years ago
|
||
so josh get's this bug on his radar
Is this still a bug and, if so, shouldn't it be fixed for 0.9?
Flags: camino0.9?
Reporter | ||
Comment 5•19 years ago
|
||
(In reply to comment #4) > can we get a testcase on this bug? I can't reproduce. Maybe it has been fixed. I need to check with a version from August.
Comment 6•19 years ago
|
||
placing on the 0.9 list, let's nail this and verify it as fixed.
Target Milestone: --- → Camino0.9
I cannot reproduce this with a trunk build from 2005050514.
Comment 9•19 years ago
|
||
I still can't reproduce, following the steps in the Secunia advisory.
Comment 10•19 years ago
|
||
I have the same experience as comment 9 Opening the MSDN link in step 1 in a new window spawns that window. Clicking the Secunia link in step 2 opens it in another new window. Using the 6/15 nightly. Could it be a combination of preferences that cause this behavior?
Comment 11•19 years ago
|
||
I can't reproduce this either. It's spawning two new windows as stated in comment 10. Josh: Are you sure we're still vulnerable?
Comment 12•19 years ago
|
||
jst/bz: do either of you know if the frame spoofing vulnerability is fixed for embedding apps?
Comment 13•19 years ago
|
||
I believe it should be, yes.... Certainly if we're talking about bug 296850, that patch works for embedding just like it does for non-embedding builds.
Comment 15•19 years ago
|
||
josh: please justify comment #8 :)
Assignee | ||
Comment 16•19 years ago
|
||
I can't repro any more, but I'm quite sure I could at the time... Closing.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•