Re: [Full-disclosure] silly PoCs continue: X-Frame-Options give you- less than expected

From: Michal Zalewski <lcamtuf@coredump.cx>
To: Christian Sciberras <uuf6429@gmail.com>
Cc: bugtraq <bugtraq@securityfocus.com>, full-disclosure <full-disclosure@lists.grok.org.uk>
Subject: Re: [Full-disclosure] silly PoCs continue: X-Frame-Options give you- less than expected
Date:


> Interesting stuff indeed. However, I don't see you talk about a solution.
> Why is that?

Because it's bugtraq / full-disclosure, where people generally talk
about vulnerabilities...

I'm not sure I follow your drift about Firefox, I don't believe it's
mentioned anywhere.

> Anyhow, correct me if I'm wrong, but this concept won't work when the
> attacked site requires multiple user interaction, right? As in, the user
> will notice something amiss the second time.

Why?

/mz
