Full Disclosure: Re: silly PoCs continue: X-Frame-Options give you less than expected

Re: silly PoCs continue: X-Frame-Options give you less than expected

From: Michal Zalewski <lcamtuf () coredump cx>
Date: Sat, 10 Dec 2011 18:05:12 -0800

Interesting stuff indeed. However, I don't see you talk about a solution.
Why is that?


Because it's bugtraq / full-disclosure, where people generally talk
about vulnerabilities...

I'm not sure I follow your drift about Firefox, I don't believe it's
mentioned anywhere.

Anyhow, correct me if I'm wrong, but this concept won't work when the
attacked site requires multiple user interaction, right? As in, the user
will notice something amiss the second time.


Why?

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

silly PoCs continue: X-Frame-Options give you less than expected Michal Zalewski (Dec 10)
- Re: silly PoCs continue: X-Frame-Options give you less than expected xD 0x41 (Dec 10)
- Re: silly PoCs continue: X-Frame-Options give you less than expected Dave (Dec 10)
- Re: silly PoCs continue: X-Frame-Options give you less than expected Christian Sciberras (Dec 11)
  - Re: silly PoCs continue: X-Frame-Options give you less than expected Michal Zalewski (Dec 11)
    - Re: silly PoCs continue: X-Frame-Options give you less than expected Christian Sciberras (Dec 11)
    - Re: silly PoCs continue: X-Frame-Options give you less than expected Michal Zalewski (Dec 11)