Avatar for Username

Iskanje po podpori

Izogibajte se prevarantski tehnični podpori. Nikoli vam ne bomo naročili, da pokličete telefonsko številko ali nam pošljete osebne podatke. Sumljivo dejavnost prijavite z gumbom »Prijavi zlorabo«.

Več o tem

Ta tema je arhivirana. Postavite prosim novo vprašanje, če potrebujete pomoč.

Probable security leak in v.10. called "Aurora".

  • 2 odgovora
  • 1 ima to težavo
  • 1 ogled
  • Zadnji odgovor od genuslupae

genuslupae
genuslupae
more options

See screenshot Then one logged in to Google sites account, and then opens http://genuslupae.co.nr/ which is third-party framed re-director to my own Google site, Aurora mixes http top frame with https child frame with private Google logged user data, at least e-mail address. security.warn_viewing_mixed is set to true. MSIE 8 do not warns me also, but it shows HTTP, not HTTPS, as properly asked by my top frame:

<frameset rows="100%,*" frameborder="NO" border="0" framespacing="0"> <frame name="conr_main_frame" src="http://sites.google.com/site/repertiziani/"> </frameset>

[http://plus.google.com/u/0/photos/116651664550077808951/albums/5684898762064588369/5684898760770226818 See screenshot] Then one logged in to Google sites account, and then opens http://genuslupae.co.nr/ which is third-party framed re-director to my own Google site, Aurora mixes http top frame with https child frame with private Google logged user data, at least e-mail address. security.warn_viewing_mixed is set to true. MSIE 8 do not warns me also, but it shows HTTP, not HTTPS, as properly asked by my top frame: &lt;frameset rows="100%,*" frameborder="NO" border="0" framespacing="0"&gt; &lt;frame name="conr_main_frame" src="http://sites.google.com/site/repertiziani/"&gt; &lt;/frameset&gt;

Spremenil genuslupae

Izbrana rešitev

NO WAY!

While one (top frame owner) tries to access they "own" frames collection via javaScript located in the header section or in the event call string, it will be stopped just after window.frames[0]!

[20:29:53.186] Error: Permission denied to access property 'document'

love Aurora

Preberite ta odgovor v kontekstu 👍 0

Vsi odgovori (2)

genuslupae
genuslupae Lastnik vprašanja
more options

O.K., You had The Chance, guys.

genuslupae
genuslupae Lastnik vprašanja
more options

Izbrana rešitev

NO WAY!

While one (top frame owner) tries to access they "own" frames collection via javaScript located in the header section or in the event call string, it will be stopped just after window.frames[0]!

[20:29:53.186] Error: Permission denied to access property 'document'

love Aurora