I justed checked a demo on ClickJacking: http://ha.ckers.org/weird/followmouse.html
And sadly the default ClickJacking prevention mechanism in IE catches it and NoScript doesn't alert me or prevents it?
I have ClearClick enabled on trusted and untrusted sites.
[INVALID] Issues with ClearClick in Version 1.9.9.63
-
ClearClick missing something?
[INVALID] Issues with ClearClick in Version 1.9.9.63
Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Issues with ClearClick in Version 1.9.9.63
Nope, ClearClick is working just fine.
That demo is implemented wrongly, since it doesn't account for a real world scenario (i.e. the parent "attacker" document being on a different domain than the embedded "victim" iframe).
Please check http://raffon.net/research/cj/cj.html or another cross-site "real world" PoC, instead.
That demo is implemented wrongly, since it doesn't account for a real world scenario (i.e. the parent "attacker" document being on a different domain than the embedded "victim" iframe).
Please check http://raffon.net/research/cj/cj.html or another cross-site "real world" PoC, instead.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3