[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] silly PoCs continue: X-Frame-Options give you less than expected

To: Christian Sciberras <uuf6429@xxxxxxxxx>
Subject: Re: [Full-disclosure] silly PoCs continue: X-Frame-Options give you less than expected
From: Michal Zalewski <lcamtuf@xxxxxxxxxxx>
Date: Sat, 10 Dec 2011 18:05:12 -0800

> Interesting stuff indeed. However, I don't see you talk about a solution.
> Why is that?

Because it's bugtraq / full-disclosure, where people generally talk
about vulnerabilities...

I'm not sure I follow your drift about Firefox, I don't believe it's
mentioned anywhere.

> Anyhow, correct me if I'm wrong, but this concept won't work when the
> attacked site requires multiple user interaction, right? As in, the user
> will notice something amiss the second time.

Why?

/mz

Prev by Date: Re: seamless bait-and-switch
Next by Date: Re: the week of silly PoCs continues: data://www.mybank.com/
Previous by thread: [ MDVSA-2011:184 ] krb5
Next by thread: [ MDVSA-2011:185 ] libcap
Index(es):
- Date
- Thread