[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5477 [EFF-HTTPS Everywhere]: HTTPS Everywhere sometimes causes iframes to behave strangely (take over their window?)



#5477: HTTPS Everywhere sometimes causes iframes to behave strangely (take over
their window?)
------------------------------------------------------+---------------------
 Reporter:  Drugoy                                    |          Owner:  pde
     Type:  defect                                    |         Status:  new
 Priority:  major                                     |      Milestone:     
Component:  EFF-HTTPS Everywhere                      |        Version:     
 Keywords:  address spoofing, critical vulnerability  |         Parent:     
   Points:                                            |   Actualpoints:     
------------------------------------------------------+---------------------

Comment(by mikeperry):

 From reading the source of the exploit, my conclusion is that this is a
 race condition brought about by the HTTPS-E synthetic redirect that
 somehow allows the document.write to bypass the same origin policy (http
 frame is able to write to an "https" origin).

 My opinion that the reference to the window should become invalid after
 our redirect (or the rendered window should be cleared). For some reason
 neither happens...

 Can we send Giorgio another wizard robe? Or do we owe him several already?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5477#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs