[tor-bugs] #5477 [EFF-HTTPS Everywhere]: HTTPS Everywhere sometimes causes iframes to behave strangely (take over their window?)

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Apr 17 06:55:57 UTC 2012


#5477: HTTPS Everywhere sometimes causes iframes to behave strangely (take over
their window?)
------------------------------------------------------+---------------------
 Reporter:  Drugoy                                    |          Owner:  pde
     Type:  defect                                    |         Status:  new
 Priority:  major                                     |      Milestone:     
Component:  EFF-HTTPS Everywhere                      |        Version:     
 Keywords:  address spoofing, critical vulnerability  |         Parent:     
   Points:                                            |   Actualpoints:     
------------------------------------------------------+---------------------

Comment(by mikeperry):

 From reading the source of the exploit, my conclusion is that this is a
 race condition brought about by the HTTPS-E synthetic redirect that
 somehow allows the document.write to bypass the same origin policy (http
 frame is able to write to an "https" origin).

 My opinion that the reference to the window should become invalid after
 our redirect (or the rendered window should be cleared). For some reason
 neither happens...

 Can we send Giorgio another wizard robe? Or do we owe him several already?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5477#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list