[Webkit-unassigned] [Bug 73083] Fix the Frame Leak Attack

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Apr 1 19:45:39 PDT 2012


--- Comment #24 from Sam Weinig <sam at webkit.org>  2012-04-01 19:45:38 PST ---
(From update of attachment 133116)
View in context: https://bugs.webkit.org/attachment.cgi?id=133116&action=review

> Source/WebCore/ChangeLog:4
> +        Fix the frame leak attack.
> +        https://bugs.webkit.org/show_bug.cgi?id=73083

This title is too aggressive for a change log.

> Source/WebCore/ChangeLog:9
> +        Block cross-origin iframe scroll to fragment behaviour to avoid leaking the
> +        presence or absence of ids on the page.  FF has done this for all iframes for
> +        a year now, but our change is more sophisticated in that it only does this in
> +        the dangerous cross-orgin case.

What is the reason for not matching Firefox? Has there been compat fallout?

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list