Probable security leak in v.10. called "Aurora".
See screenshot Then one logged in to Google sites account, and then opens http://genuslupae.co.nr/ which is third-party framed re-director to my own Google site, Aurora mixes http top frame with https child frame with private Google logged user data, at least e-mail address. security.warn_viewing_mixed is set to true. MSIE 8 do not warns me also, but it shows HTTP, not HTTPS, as properly asked by my top frame:
<frameset rows="100%,*" frameborder="NO" border="0" framespacing="0"> <frame name="conr_main_frame" src="http://sites.google.com/site/repertiziani/"> </frameset>
Ezalaki modifié
Solution eye eponami
NO WAY!
While one (top frame owner) tries to access they "own" frames collection via javaScript located in the header section or in the event call string, it will be stopped just after window.frames[0]!
[20:29:53.186] Error: Permission denied to access property 'document'
love Aurora
Tanga eyano oyo ndenge esengeli 👍 0All Replies (2)
O.K., You had The Chance, guys.
Solution eye oponami
NO WAY!
While one (top frame owner) tries to access they "own" frames collection via javaScript located in the header section or in the event call string, it will be stopped just after window.frames[0]!
[20:29:53.186] Error: Permission denied to access property 'document'
love Aurora