[Webkit-unassigned] [Bug 73083] Fix the Frame Leak Attack
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Apr 1 19:45:39 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=73083
--- Comment #24 from Sam Weinig <sam at webkit.org> 2012-04-01 19:45:38 PST ---
(From update of attachment 133116)
View in context: https://bugs.webkit.org/attachment.cgi?id=133116&action=review
> Source/WebCore/ChangeLog:4
> + Fix the frame leak attack.
> + https://bugs.webkit.org/show_bug.cgi?id=73083
This title is too aggressive for a change log.
> Source/WebCore/ChangeLog:9
> + Block cross-origin iframe scroll to fragment behaviour to avoid leaking the
> + presence or absence of ids on the page. FF has done this for all iframes for
> + a year now, but our change is more sophisticated in that it only does this in
> + the dangerous cross-orgin case.
What is the reason for not matching Firefox? Has there been compat fallout?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list