Bug 871536 (CVE-2012-1964) Mitigate clickjacking of about:certerror r=Neil a=Callek CLOSED TREE. RELEASE_BASE_20130624 SEAMONKEY_2_19b2_BUILD1 SEAMONKEY_2_19b2_RELEASE
authorPhilip Chee <philip.chee@gmail.com>
Sat, 01 Jun 2013 02:28:34 +0800
changeset 15320 4340c4c52b8f222c1ebd4439b956a61fcfc73eff
parent 15319 25097e6756c79b4714f254130e315eb7b68f0974
child 15321 0b9179cfe65efba057de9da2f16d13083e1daffc
child 15573 c6f7896ad6d6e388c50724a6c94561db75100fb3
push id918
push userphilip.chee@gmail.com
push dateSun, 23 Jun 2013 17:37:03 +0000
reviewersNeil, Callek
bugs871536
Bug 871536 (CVE-2012-1964) Mitigate clickjacking of about:certerror r=Neil a=Callek CLOSED TREE.
suite/common/certError.xhtml
--- a/suite/common/certError.xhtml
+++ b/suite/common/certError.xhtml
@@ -71,21 +71,22 @@
         if (node)
           node.textContent = location.host;
 
         if (getCSSClass() == "expertBadCert") {
           toggle('technicalContent');
           toggle('expertContent');
         }
 
-        // if this is a Strict-Transport-Security host and the cert
-        // is bad, don't allow overrides (STS Spec section 7.3).
-        if (getCSSClass() == "badStsCert") {
+        // Disallow overrides if this is a Strict-Transport-Security
+        // host and the cert is bad (STS Spec section 7.3);
+        // or if the cert error is in a frame (bug 633691).
+        if (getCSSClass() == "badStsCert" || window != window.top) {
           var ec = document.getElementById('expertContent');
-          document.getElementById('errorLongContent').removeChild(ec);
+          ec.parentNode.removeChild(ec);
         }
 
         // Rather than textContent, we need to treat description as HTML
         var sd = document.getElementById("technicalContentText");
         if (!sd)
           return;
 
         var desc = getDescription();
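Review bot: The `window != window.top` test added on the `if` line is the whole clickjacking defense this commit introduces, yet the new comment only says "if the cert error is in a frame (bug 633691)", so a maintainer who later relaxes it for some legitimate embedding case has no hint that doing so reopens CVE-2012-1964. I would state the threat explicitly in the comment, e.g. `// or if the cert error is framed: a hostile top-level page could otherwise position and overlay the override UI and trick the user into clicking it (clickjacking, CVE-2012-1964 / bug 633691).` Two further caveats are worth noting in the same place: the check is evaluated once at load and only removes the `expertContent` subtree, so any other path in this script that reaches the override code would not be covered — whether such a path exists cannot be confirmed from this hunk, since the enclosing function starts before the first line shown and continues past the last. Also, `ec.parentNode.removeChild(ec)` still dereferences `ec` unconditionally, so a missing `expertContent` element throws here exactly as the old `removeChild` did; if that is intended as fail-closed behavior, a one-line comment saying so would keep someone from "fixing" it with a null guard that silently skips the removal.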