Camino Trunk is vulnerable to frame spoofing

RESOLVED FIXED in Camino0.9

Status

Camino Graveyard
General
RESOLVED FIXED
14 years ago
13 years ago

People

(Reporter: Usul, Assigned: Josh Aas)

Tracking

({regression})

unspecified
Camino0.9
PowerPC
Mac OS X
regression
Bug Flags:
camino0.9 +

Details

(Whiteboard: [sg:fix], URL)

(Reporter)

Description

14 years ago
Camino nightlies are vulnerable to this frame spoof. Camino Branch 0.8 is not.

seems related to http://bugzilla.mozilla.org/show_bug.cgi?id=246448

adding jst in cc because he fixed the above bug.
Widely published bug (see URL), no need for the confidential flag.
Group: security
Whiteboard: [sg:fix]
(Reporter)

Comment 2

14 years ago
so josh get's this bug on his radar
Is this still a bug and, if so, shouldn't it be fixed for 0.9?
Flags: camino0.9?
can we get a testcase on this bug?
Flags: camino0.9? → camino0.9+
(Reporter)

Comment 5

13 years ago
(In reply to comment #4)
> can we get a testcase on this bug?

I can't reproduce. Maybe it has been fixed. I need to check with a version from
August.
placing on the 0.9 list, let's nail this and verify it as fixed.
Target Milestone: --- → Camino0.9
(Assignee)

Comment 7

13 years ago
I cannot reproduce this with a trunk build from 2005050514.
(Assignee)

Comment 8

13 years ago
NM - that comment is wrong. We are still vulnerable.
Depends on: 296850

Comment 9

13 years ago
I still can't reproduce, following the steps in the Secunia advisory.

Comment 10

13 years ago
I have the same experience as comment 9

Opening the MSDN link in step 1 in a new window spawns that window. Clicking the
Secunia link in step 2 opens it in another new window. Using the 6/15 nightly.

Could it be a combination of preferences that cause this behavior?
I can't reproduce this either. It's spawning two new windows as stated in
comment 10.

Josh: Are you sure we're still vulnerable?

Comment 12

13 years ago
jst/bz: do either of you know if the frame spoofing vulnerability is fixed for
embedding apps?
I believe it should be, yes....  Certainly if we're talking about bug 296850,
that patch works for embedding just like it does for non-embedding builds.

Comment 14

13 years ago
-> josh for resolution.
Assignee: pinkerton → joshmoz

Comment 15

13 years ago
josh: please justify comment #8 :)
(Assignee)

Comment 16

13 years ago
I can't repro any more, but I'm quite sure I could at the time... Closing.
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.