Avatar for Username

Caută ajutor

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Află mai multe

Acest fir de discuție a fost arhivat. Adresează o întrebare nouă dacă ai nevoie de ajutor.

Probable security leak in v.10. called "Aurora".

  • 2 răspunsuri
  • 1 are această problemă
  • 1 vizualizare
  • Ultimul răspuns de genuslupae

genuslupae
genuslupae
more options

See screenshot Then one logged in to Google sites account, and then opens http://genuslupae.co.nr/ which is third-party framed re-director to my own Google site, Aurora mixes http top frame with https child frame with private Google logged user data, at least e-mail address. security.warn_viewing_mixed is set to true. MSIE 8 do not warns me also, but it shows HTTP, not HTTPS, as properly asked by my top frame:

<frameset rows="100%,*" frameborder="NO" border="0" framespacing="0"> <frame name="conr_main_frame" src="http://sites.google.com/site/repertiziani/"> </frameset>

[http://plus.google.com/u/0/photos/116651664550077808951/albums/5684898762064588369/5684898760770226818 See screenshot] Then one logged in to Google sites account, and then opens http://genuslupae.co.nr/ which is third-party framed re-director to my own Google site, Aurora mixes http top frame with https child frame with private Google logged user data, at least e-mail address. security.warn_viewing_mixed is set to true. MSIE 8 do not warns me also, but it shows HTTP, not HTTPS, as properly asked by my top frame: &lt;frameset rows="100%,*" frameborder="NO" border="0" framespacing="0"&gt; &lt;frame name="conr_main_frame" src="http://sites.google.com/site/repertiziani/"&gt; &lt;/frameset&gt;

Modificat în de genuslupae

Soluție aleasă

NO WAY!

While one (top frame owner) tries to access they "own" frames collection via javaScript located in the header section or in the event call string, it will be stopped just after window.frames[0]!

[20:29:53.186] Error: Permission denied to access property 'document'

love Aurora

Citește acest răspuns în context 👍 0

Toate răspunsurile (2)

genuslupae
genuslupae Deținătorul întrebării
more options

O.K., You had The Chance, guys.

genuslupae
genuslupae Deținătorul întrebării
more options

Soluție aleasă

NO WAY!

While one (top frame owner) tries to access they "own" frames collection via javaScript located in the header section or in the event call string, it will be stopped just after window.frames[0]!

[20:29:53.186] Error: Permission denied to access property 'document'

love Aurora