Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Cuireadh an snáithe seo sa chartlann. Cuir ceist nua má tá cabhair uait.

Probable security leak in v.10. called "Aurora".

  • 2 fhreagra
  • 1 leis an bhfadhb seo
  • 2 views
  • Freagra is déanaí ó genuslupae

more options

See screenshot Then one logged in to Google sites account, and then opens http://genuslupae.co.nr/ which is third-party framed re-director to my own Google site, Aurora mixes http top frame with https child frame with private Google logged user data, at least e-mail address. security.warn_viewing_mixed is set to true. MSIE 8 do not warns me also, but it shows HTTP, not HTTPS, as properly asked by my top frame:

<frameset rows="100%,*" frameborder="NO" border="0" framespacing="0"> <frame name="conr_main_frame" src="http://sites.google.com/site/repertiziani/"> </frameset>

Athraithe ag genuslupae ar

Réiteach roghnaithe

NO WAY!

While one (top frame owner) tries to access they "own" frames collection via javaScript located in the header section or in the event call string, it will be stopped just after window.frames[0]!

[20:29:53.186] Error: Permission denied to access property 'document'

love Aurora

Read this answer in context 👍 0

All Replies (2)

more options

O.K., You had The Chance, guys.

more options

Réiteach Roghnaithe

NO WAY!

While one (top frame owner) tries to access they "own" frames collection via javaScript located in the header section or in the event call string, it will be stopped just after window.frames[0]!

[20:29:53.186] Error: Permission denied to access property 'document'

love Aurora