Closed
Bug 890927
Opened 11 years ago
Closed 11 years ago
Cross domain documents with no Content-Type header that would sniff as HTML leaking when loaded as CSS
Categories
(Core :: Security, defect)
RESOLVED
DUPLICATE
of bug 562377
People
(Reporter: curtisk, Unassigned)
Details
(Keywords: sec-low)
Date: Thu, 04 Jul 2013 14:16:30 +0200
From: sigbjorn@opera.com
To: security@mozilla.org
Subject: Cross domain HTML leaking when loaded as CSS
-----//-----
Hi,
Remember http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html?
Turned out Chromium, and upon closer investigation also Firefox, fails on a TC in our testsuite, see http://people.opera.com/sigbjorn/temp/CrossDomainHTMLAsCSSLeak.html.
Only happens for blank content types, so limited attack potential. All browsers accept html served without content types though, so a definite bug, and quite possibly misconfigured servers out there.
--
Sigbjørn Vik
Opera Software
Comment 1•11 years ago
> Only happens for blank content types,
It's hard to say something is "not CSS" if it's got a blank Content-Type, now isn't it?
In any case, this looks like a duplicate of bug 562377.
Summary: Cross domain HTML leaking when loaded as CSS → Cross domain documents with no Content-Type header that would sniff as HTML leaking when loaded as CSS
Comment 2•11 years ago
As per Boris, marking sec-low, duplicate of 562377, unhiding bug.
Group: core-security
Status: NEW → RESOLVED
Closed: 11 years ago
Keywords: sec-low
Resolution: --- → DUPLICATE
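For server operators checking for the misconfiguration described in this report, the following is an added example and not code from the bug thread or from Mozilla: a Python audit that flags responses with no Content-Type whose body would sniff as HTML. The signature list is a simplified subset of the WHATWG MIME Sniffing patterns, and the sample responses and finding names are constructed for illustration.

```python
from email.parser import BytesParser

# Subset of the HTML signatures in the WHATWG MIME Sniffing standard
# (simplified for this example: the full algorithm has more patterns).
HTML_PREFIXES = (b"<!doctype html", b"<html", b"<head", b"<body",
                 b"<script", b"<div", b"<table", b"<p")
WHITESPACE = b" \t\r\n\x0c"


def sniffs_as_html(body: bytes) -> bool:
    """True if the body starts with an HTML tag a sniffer would recognise."""
    start = body.lstrip(WHITESPACE)[:64].lower()
    for prefix in HTML_PREFIXES:
        # A signature only counts when followed by a space or '>'.
        if start.startswith(prefix) and start[len(prefix):len(prefix) + 1] in (b" ", b">"):
            return True
    return False


def audit_response(raw: bytes) -> list:
    """Return findings for one raw HTTP response (status line, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    _status, _, header_block = head.partition(b"\r\n")
    headers = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    findings = []
    ctype = (headers.get("Content-Type") or "").strip()
    nosniff = (headers.get("X-Content-Type-Options") or "").strip().lower() == "nosniff"
    if not ctype:  # header absent or blank: the case this bug is about
        findings.append("missing-content-type")
        if sniffs_as_html(body):
            findings.append("body-sniffs-as-html")
    if not nosniff:
        findings.append("missing-nosniff")
    return findings


# Constructed sample responses (not captured traffic).
SAMPLES = {
    "no-type-html": b"HTTP/1.1 200 OK\r\nContent-Length: 35\r\n\r\n"
                    b"<html><body>secret {}</body></html>",
    "typed-html": b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n"
                  b"X-Content-Type-Options: nosniff\r\n\r\n<html></html>",
    "blank-type-css": b"HTTP/1.1 200 OK\r\nContent-Type: \r\n\r\nbody { color: red }",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, audit_response(raw))
```

Sending an explicit Content-Type together with `X-Content-Type-Options: nosniff` lets browsers refuse a stylesheet load whose type is not `text/css`.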