Probable security leak in v.10. called "Aurora".
See screenshot Then one logged in to Google sites account, and then opens http://genuslupae.co.nr/ which is third-party framed re-director to my own Google site, Aurora mixes http top frame with https child frame with private Google logged user data, at least e-mail address. security.warn_viewing_mixed is set to true. MSIE 8 do not warns me also, but it shows HTTP, not HTTPS, as properly asked by my top frame:
<frameset rows="100%,*" frameborder="NO" border="0" framespacing="0"> <frame name="conr_main_frame" src="http://sites.google.com/site/repertiziani/"> </frameset>
Diubah
Penyelesaian terpilih
NO WAY!
While one (top frame owner) tries to access they "own" frames collection via javaScript located in the header section or in the event call string, it will be stopped just after window.frames[0]!
[20:29:53.186] Error: Permission denied to access property 'document'
love Aurora
Baca jawapan ini dalam konteks 👍 0All Replies (2)
O.K., You had The Chance, guys.
Penyelesaian Terpilih
NO WAY!
While one (top frame owner) tries to access they "own" frames collection via javaScript located in the header section or in the event call string, it will be stopped just after window.frames[0]!
[20:29:53.186] Error: Permission denied to access property 'document'
love Aurora