Closed
Bug 763346
Opened 12 years ago
Closed 12 years ago
Clickjacking is possible in buglist.cgi?bug_id=somebug&tweak=1 on Firefox
Categories
(Bugzilla :: Query/Bug List, defect)
Bugzilla
Query/Bug List
Tracking
()
RESOLVED
DUPLICATE
of bug 761667
People
(Reporter: netfuzzerr, Unassigned)
References
()
Details
User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1163.0 Safari/537.1 Steps to reproduce: Hi, Firefox ignores X-FRAME-OPTIONS when Content-disposition:inline; filename="bugs-2012-06-10.html" is setted and may allow clickjacking attacks. Patch may be change stuff to Content-disposition:download; filename="bugs-2012-06-10.html" or just add framebuster on page source "<script>if(top.location != self.location) top.location = self.location; }</script>". PoC: data:text/html,<iframe height=800 width=800 frameborder=0 src="https://landfill.bugzilla.org/bugzilla-tip/buglist.cgi?bug_id=17249&tweak=1" border=0></iframe> Works only on Firefox. Cheers, Mario.
Reporter | ||
Comment 1•12 years ago
|
||
Just correcting, framebuster is "<script>if(top.location != self.location) top.location = self.location;</script>".
Reporter | ||
Updated•12 years ago
|
Comment 2•12 years ago
|
||
This has nothing to do with Content-disposition. It's a bug in Firefox, not in Bugzilla. Keeping this bug in the security group till bug 761667 is fixed.
Assignee: general → query-and-buglist
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Component: Bugzilla-General → Query/Bug List
Resolution: --- → DUPLICATE
Reporter | ||
Comment 3•12 years ago
|
||
May I see the problem? (In reply to Frédéric Buclin from comment #2) > This has nothing to do with Content-disposition. It's a bug in Firefox, not > in Bugzilla. > > Keeping this bug in the security group till bug 761667 is fixed. > > *** This bug has been marked as a duplicate of bug 761667 ***
Comment 4•11 years ago
|
||
Fixed in Firefox 22, see https://www.mozilla.org/security/announce/2013/mfsa2013-58.html
Group: bugzilla-security
You need to log in
before you can comment on or make changes to this bug.
Description
•