Bug 580804
Opened 14 years ago
Closed 8 years ago
cert exception procedure can be accelerated with clickjacking
Categories: (Core Graveyard :: Security: UI, defect)
Tracking: (Not tracked)
Status: RESOLVED DUPLICATE of bug 633691
People: (Reporter: geekboy, Unassigned)
Details: (Keywords: sec-low, Whiteboard: [sg:low])
Description:
Elie Bursztein reported to me: A site can overlay a frame with a bad cert and steal two clicks to simulate opening the "I understand the risks" call-out and the "Add Exception" button. This secretly bypasses the hidden cert error page, requiring the user to click only "Confirm Security Exception" in the final dialog to add the cert exception.
Updated 14 years ago:
Whiteboard: [sg:low]
Could we make the "Add exception" button an "open in top window" button if the page is iframed? It would set top.location = window.location when clicked.
Comment 2 (Reporter), 14 years ago:
+1 for "open in top window"
We have to watch out for the parent page reaching into the child iframe and messing up whatever "are we iframed" checks we do.
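As an added illustration, not code from this bug, from Firefox or from its reporter, of the "open in top window" button proposed in the comment above together with the tampering concern raised in comment 2; the functions `isFramed` and `onAddExceptionClick`, the window-like `win` argument and the element id are this example's own assumptions:

```javascript
// Added example (not Mozilla's code): models the "open in top window" behaviour
// proposed for the cert error page's "Add Exception" button. `win` is a
// window-like object so the logic can be exercised outside a browser
// (an assumption for this example); in a real page pass `window`.

// Frame check built only on properties script in the frame cannot redefine:
// `top` and `window` are unforgeable, whereas `self` is replaceable, so a
// `top !== self` comparison is the kind of check script could subvert.
// Any error while looking is treated as "framed" (fail closed).
function isFramed(win) {
  try {
    return win.top !== win.window;
  } catch (e) {
    return true;
  }
}

// Returns the action taken so callers (and tests) can observe the decision.
function onAddExceptionClick(win, openExceptionDialog) {
  if (isFramed(win)) {
    // Framed: do not open the dialog. Re-load this error page as the
    // top-level document, where no overlay can sit on top of its buttons.
    win.top.location = win.location.href;
    return "opened-in-top-window";
  }
  openExceptionDialog();
  return "exception-dialog-opened";
}

// Browser wiring, guarded so the block also loads under Node.
// The element id "addExceptionButton" is hypothetical.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  const button = document.getElementById("addExceptionButton");
  if (button) {
    button.addEventListener("click", () =>
      onAddExceptionClick(window, () => { /* open the exception dialog here */ }));
  }
}
```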
Comment 4 (Reporter), 14 years ago:
Would it make sense to have a separate page entirely for framed errors? Yeah, I know, it's lots of duplication, but then the code linking to the cert exception dialog couldn't possibly be called from the outer page if it doesn't exist. Maybe that's overkill. Maybe there's enough cross-domain action going on that it wouldn't be scriptable.
Updated 9 years ago:
Group: core-security → dom-core-security
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Updated 8 years ago (Assignee):
Product: Core → Core Graveyard
Updated 8 years ago:
Group: dom-core-security