[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5477 [EFF-HTTPS Everywhere]: HTTPS Everywhere sometimes causes iframes to behave strangely (take over their window?)

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #5477 [EFF-HTTPS Everywhere]: HTTPS Everywhere sometimes causes iframes to behave strangely (take over their window?)
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Tue, 17 Apr 2012 06:55:57 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 17 Apr 2012 02:56:11 -0400
In-reply-to: <046.ae2ee838b13caea9348aa964fae75ba1@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.ae2ee838b13caea9348aa964fae75ba1@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5477: HTTPS Everywhere sometimes causes iframes to behave strangely (take over
their window?)
------------------------------------------------------+---------------------
 Reporter:  Drugoy                                    |          Owner:  pde
     Type:  defect                                    |         Status:  new
 Priority:  major                                     |      Milestone:     
Component:  EFF-HTTPS Everywhere                      |        Version:     
 Keywords:  address spoofing, critical vulnerability  |         Parent:     
   Points:                                            |   Actualpoints:     
------------------------------------------------------+---------------------

Comment(by mikeperry):

 From reading the source of the exploit, my conclusion is that this is a
 race condition brought about by the HTTPS-E synthetic redirect that
 somehow allows the document.write to bypass the same origin policy (http
 frame is able to write to an "https" origin).

 My opinion that the reference to the window should become invalid after
 our redirect (or the rendered window should be cleared). For some reason
 neither happens...

 Can we send Giorgio another wizard robe? Or do we owe him several already?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5477#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs