Closed Bug 890927 Opened 11 years ago Closed 11 years ago

Cross domain documents with no Content-Type header that would sniff as HTML leaking when loaded as CSS

Categories

(Core :: Security, defect)

defect
Not set
normal

RESOLVED DUPLICATE of bug 562377

People

(Reporter: curtisk, Unassigned)

Details

(Keywords: sec-low)

Date: Thu, 04 Jul 2013 14:16:30 +0200
From: sigbjorn@opera.com
To: security@mozilla.org
Subject: Cross domain HTML leaking when loaded as CSS

-----//-----

Hi,

Remember http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html? Turned out Chromium, and upon closer investigation also Firefox, fails on a TC in our testsuite, see http://people.opera.com/sigbjorn/temp/CrossDomainHTMLAsCSSLeak.html. Only happens for blank content types, so limited attack potential. All browsers accept html served without content types though, so a definite bug, and quite possibly misconfigured servers out there.

--
Sigbjørn Vik
Opera Software

> Only happens for blank content types,

It's hard to say something is "not CSS" if it's got a blank Content-Type, now isn't it?

In any case, this looks like a duplicate of bug 562377.
Summary: Cross domain HTML leaking when loaded as CSS → Cross domain documents with no Content-Type header that would sniff as HTML leaking when loaded as CSS
As per Boris, marking sec-low, duplicate of 562377, unhiding bug.
Group: core-security
Status: NEW → RESOLVED
Closed: 11 years ago
Keywords: sec-low
Resolution: --- → DUPLICATE
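
An added example (not part of the bug report and not Mozilla's code): a server-side header audit for the misconfiguration the report mentions, a response sent with a blank Content-Type. It relies on the Fetch standard's nosniff rule, which blocks stylesheet loads whose MIME type is not text/css; the function names and the sample header sets are constructed for illustration.

```javascript
// Returns the lower-cased "type/subtype" of a Content-Type value,
// or null when the header is absent, empty or malformed (a "blank" type).
function parseMimeEssence(contentType) {
  if (typeof contentType !== "string") return null;
  const essence = contentType.split(";")[0].trim().toLowerCase();
  return /^[^\s\/]+\/[^\s\/]+$/.test(essence) ? essence : null;
}

// Audits one response's headers. "exposed" marks the case from the report:
// no usable Content-Type and no nosniff, so the consuming browser decides
// what the body is when another origin references it as a stylesheet.
function auditResponse(headers) {
  const h = {};
  // Header names are case-insensitive, so normalise before lookup.
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const essence = parseMimeEssence(h["content-type"]);
  const nosniff =
    String(h["x-content-type-options"] || "").trim().toLowerCase() === "nosniff";
  const findings = [];
  if (essence === null) findings.push("blank-content-type");
  if (!nosniff) findings.push("missing-nosniff");
  return { essence, nosniff, findings, exposed: essence === null && !nosniff };
}

// Constructed sample header sets (not captured from any real server).
const samples = {
  blankType: { Server: "example" },
  emptyType: { "Content-Type": "" },
  htmlTyped: { "Content-Type": "text/html; charset=utf-8" },
  blankButNosniff: { "X-Content-Type-Options": "nosniff" },
  hardened: {
    "content-type": "text/html; charset=utf-8",
    "x-content-type-options": "nosniff",
  },
};

// Runs the audit over every sample and returns name -> result.
function auditAll(sets) {
  const out = {};
  for (const [name, headers] of Object.entries(sets)) out[name] = auditResponse(headers);
  return out;
}

for (const [name, r] of Object.entries(auditAll(samples))) {
  console.log(name, r.exposed ? "EXPOSED" : "ok", r.findings.join(",") || "-");
}
```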