Probable security leak in v.10. called "Aurora".
See screenshot Then one logged in to Google sites account, and then opens http://genuslupae.co.nr/ which is third-party framed re-director to my own Google site, Aurora mixes http top frame with https child frame with private Google logged user data, at least e-mail address. security.warn_viewing_mixed is set to true. MSIE 8 do not warns me also, but it shows HTTP, not HTTPS, as properly asked by my top frame:
<frameset rows="100%,*" frameborder="NO" border="0" framespacing="0"> <frame name="conr_main_frame" src="http://sites.google.com/site/repertiziani/"> </frameset>
Modificadas por genuslupae el
Solución elegida
NO WAY!
While one (top frame owner) tries to access they "own" frames collection via javaScript located in the header section or in the event call string, it will be stopped just after window.frames[0]!
[20:29:53.186] Error: Permission denied to access property 'document'
love Aurora
Leer esta respuesta en su contexto 👍 0Todas las respuestas (2)
O.K., You had The Chance, guys.
Solución elegida
NO WAY!
While one (top frame owner) tries to access they "own" frames collection via javaScript located in the header section or in the event call string, it will be stopped just after window.frames[0]!
[20:29:53.186] Error: Permission denied to access property 'document'
love Aurora