Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2013-1696

Source

Mozilla Foundation Security Advisory 2013-58

X-Frame-Options ignored when using server push with multi-part responses

Announced

June 25, 2013

Reporter

Frédéric Buclin

Impact

Moderate

Products

Firefox, SeaMonkey

Fixed in

Firefox 22
SeaMonkey 2.19

Description

Bugzilla developer Frédéric Buclin reported that the X-Frame-Options header is ignored when server push is used in multi-part responses. This can lead to potential clickjacking on sites that use X-Frame-Options as a protection.

References

Firefox ignores the X-Frame-Options header when using server push (CVE-2013-1696)

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

X-Frame-Options ignored when using server push with multi-part responses

X-Frame-Options ignored when using server push with multi-part responses

Description

References

Vulmon Search

About

Products

Connect