Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: 5.2-milestone-1
Affects Version/s: 5.1
Component/s: Security
Labels:
None

Difficulty:
Unknown
Documentation:
N/A
Documentation in Release Notes:
N/A
Similar issues:

Description

The CSRF warning page can be displayed in an IFRAME. That could enable a malicious user to use some UI Redressing attack to perform clickjacking. The CSRF resubmit page shouldn't be allowed to be displayed in an IFrame.

Attachments

Activity

People

Assignee:: Thomas Delafosse

Reporter:: Thomas Delafosse

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 29/Jul/13 12:14

Updated:: 29/Jul/13 15:04

Resolved:: 29/Jul/13 15:04

Date of First Response:: 29/Jul/13 3:04 PM