Double-Clickjacking
Could you explain what 2.1.2rc5 does differently compared to earlier versions in relation to OAuth User Data Theft via Double-clickjacking?
For me, the google window comes up in front, not behind.
That aside, once I move it out of the way, & double-click the button, I don't know that I'm seeing anything different from what happened with 2.1.2rc4? As in, I may or may not have inadvertently clicked the 'Allow Access' button in the Google window?
(Actually I may have, but if I did, I'm seeing no action from the window?)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20110706 Firefox/5.0 SeaMonkey/2.2
- Giorgio Maone
- Site Admin
Re: Double-Clickjacking
therube wrote: (Actually I may have, but if I did, I'm seeing no action from the window?)
That's the point of the new feature: each window is "quarantined" WRT mouse and keyboard interaction for one second since the last interaction with a window from a different address (actually, in the next build, this will be relaxed to "a window from a different host", so that quick navigation via back & forward links on cached pages, e.g. multi-page search results, doesn't get impaired).
This way, double clicking on a page can never result in actually clicking once on that page and next on a different one.
Mozilla/5.0 (Windows NT 5.2; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0
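The one-second quarantine described in the reply above, sketched as an added example (not part of the thread and not NoScript's own code). The class, function and sample URLs are constructed for illustration, and the sketch assumes a dropped event does not itself count as an interaction.

```javascript
// Added illustration, not NoScript's code. Names and sample URLs are constructed.
const QUARANTINE_MS = 1000; // the "one second" from the post

class InteractionGuard {
  // scope "address": compare full URLs (behaviour described for 2.1.2rc5)
  // scope "host":    compare hosts only (the relaxation planned for the next build)
  constructor(scope) {
    this.scope = scope;
    this.last = null; // most recent delivered interaction: { key, time }
  }

  keyFor(url) {
    const u = new URL(url);
    return this.scope === "host" ? u.host : u.href;
  }

  // Decide whether a mouse/keyboard event at `time` (ms) may reach the window showing `url`.
  allow(url, time) {
    const key = this.keyFor(url);
    const quarantined = this.last !== null &&
      this.last.key !== key &&
      time - this.last.time < QUARANTINE_MS;
    // Assumption: a dropped event is not an interaction, so it cannot
    // shorten or restart any window's quarantine.
    if (!quarantined) this.last = { key, time };
    return !quarantined;
  }
}

// Feed a list of [url, timeMs] events through a fresh guard; true = delivered.
function replay(events, scope) {
  const guard = new InteractionGuard(scope);
  return events.map(([url, time]) => guard.allow(url, time));
}

// Constructed sample: the second click of a double-click lands on another host's window.
const doubleClick = [
  ["https://page.example/button", 0],
  ["https://accounts.example/authorize", 150],  // second click of the double-click
  ["https://accounts.example/authorize", 1400], // deliberate click after the quarantine
];
// Constructed sample: quick paging through cached results on one host.
const paging = [
  ["https://search.example/results?page=1", 0],
  ["https://search.example/results?page=2", 300],
];

console.log(replay(doubleClick, "address"), replay(paging, "address"), replay(paging, "host"));
```

The second click of the double-click is dropped under either scope, while the quick page-to-page click is dropped only under the per-address rule, which is the impairment the per-host relaxation is meant to remove.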
Re: Double-Clickjacking
Quote: "For me, the google window comes up in front, not behind."
Any particular reason for that?
The PoC does not seem to work in SeaMonkey regardless of NoScript?
(It certainly does in FF5.)
Perhaps there is an offset change needed?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20110706 Firefox/5.0 SeaMonkey/2.2