Full Disclosure mailing list archives
Re: silly PoCs continue: X-Frame-Options give you less than expected
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Sat, 10 Dec 2011 18:05:12 -0800
> Interesting stuff indeed. However, I don't see you talk about a solution. Why is that?

Because it's bugtraq / full-disclosure, where people generally talk about vulnerabilities... I'm not sure I follow your drift about Firefox, I don't believe it's mentioned anywhere.

> Anyhow, correct me if I'm wrong, but this concept won't work when the attacked site requires multiple user interaction, right? As in, the user will notice something amiss the second time.

Why?

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/