BugTraq
RE: [FD] Major Internet Explorer Vulnerability - NOT Patched Feb 05 2015 08:18AM
Dimitris Strevinas (d strevinas obrela com)
Ben, we have reproduced the vulnerability on many occasions.
First of all, at least to steal the session, it does not matter if
X-Frame-Options is set to deny/same-origin.
Secondly, we were able to easily bypass the alert popup. It is not needed if
you implement the "waiting" logic with a synchronous AJAX...

Copyright 2010, SecurityFocus