Camino nightlies are vulnerable to this frame spoof. Camino Branch 0.8 is not. Seems related to http://bugzilla.mozilla.org/show_bug.cgi?id=246448. Adding jst in cc because he fixed the above bug.
Widely published bug (see URL), no need for the confidential flag.
so josh gets this bug on his radar
Is this still a bug and, if so, shouldn't it be fixed for 0.9?
can we get a testcase on this bug?
Flags: camino0.9? → camino0.9+
(In reply to comment #4)
> can we get a testcase on this bug?
I can't reproduce. Maybe it has been fixed. I need to check with a version from August.
placing on the 0.9 list, let's nail this and verify it as fixed.
Target Milestone: --- → Camino0.9
I cannot reproduce this with a trunk build from 2005050514.
NM - that comment is wrong. We are still vulnerable.
I still can't reproduce, following the steps in the Secunia advisory.
I have the same experience as comment 9. Opening the MSDN link in step 1 in a new window spawns that window. Clicking the Secunia link in step 2 opens it in another new window. Using the 6/15 nightly. Could it be a combination of preferences that causes this behavior?
I can't reproduce this either. It's spawning two new windows as stated in comment 10. Josh: Are you sure we're still vulnerable?
jst/bz: do either of you know if the frame spoofing vulnerability is fixed for embedding apps?
I believe it should be, yes.... Certainly if we're talking about bug 296850, that patch works for embedding just like it does for non-embedding builds.
-> josh for resolution.
Assignee: pinkerton → joshmoz
josh: please justify comment #8 :)
I can't repro any more, but I'm quite sure I could at the time... Closing.
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → FIXED