Simon Willison’s Weblog

Firefox promiscuous IFRAME access bug. Lets malicious sites “display disruptive or misleading contents in the context of an attacked site” and intercept keystrokes! The demo worked in Camino 1.5 as well. Avoid using Gecko-based browsers until this is patched?

3 comments

  1. Well, you have to visit malicious sites or sites highly exposed to XSS attacks to be exposed. I'd say it's a minor threat. However, if this may lead to Opera's user base increasing, I'm all for it. ;-)

    Asbjørn Ulsberg - 6th June 2007 12:44 - #

  2. Opera ftw!

    Matt Cox - 6th June 2007 19:49 - #

  3. Certainly don't use IE instead, which has a much worse cookie theft bug announced at the same time.

    dbt - 7th June 2007 16:48 - #
