Bug 871536 (CVE-2012-1964) Mitigate clickjacking of about:certerror r=Neil a=Callek CLOSED TREE.
authorPhilip Chee <philip.chee@gmail.com>
Sat, 01 Jun 2013 02:28:34 +0800
changeset 18503 77ec547b5146cbf2a1787210d10a5c5c9567e437
parent 18502 98964551fc101f26e2aeef8a6ce9b58041ab1bb8
child 18504 184c3151bdef7efea035b9a7bec2c3a5fb5f5cc7
push id902
push userbugzilla@standard8.plus.com
push dateMon, 05 Aug 2013 09:09:02 +0000
treeherdertry-comm-central@36a590aa4907 [default view] [failures only]
reviewersNeil, Callek
bugs871536
Bug 871536 (CVE-2012-1964) Mitigate clickjacking of about:certerror r=Neil a=Callek CLOSED TREE.
suite/common/certError.xhtml
--- a/suite/common/certError.xhtml
+++ b/suite/common/certError.xhtml
@@ -71,21 +71,22 @@
         if (node)
           node.textContent = location.host;
 
         if (getCSSClass() == "expertBadCert") {
           toggle('technicalContent');
           toggle('expertContent');
         }
 
-        // if this is a Strict-Transport-Security host and the cert
-        // is bad, don't allow overrides (STS Spec section 7.3).
-        if (getCSSClass() == "badStsCert") {
+        // Disallow overrides if this is a Strict-Transport-Security
+        // host and the cert is bad (STS Spec section 7.3);
+        // or if the cert error is in a frame (bug 633691).
+        if (getCSSClass() == "badStsCert" || window != window.top) {
           var ec = document.getElementById('expertContent');
-          document.getElementById('errorLongContent').removeChild(ec);
+          ec.parentNode.removeChild(ec);
         }
 
         // Rather than textContent, we need to treat description as HTML
         var sd = document.getElementById("technicalContentText");
         if (!sd)
           return;
 
         var desc = getDescription();
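Review bot: The new `ec.parentNode.removeChild(ec)` on the `badStsCert || window != window.top` branch still dereferences `ec` without checking that `getElementById('expertContent')` found anything, so the page script would throw (and skip the rest of the initialisation below, including the description rendering) if the element were ever absent or already detached; a one-line guard, `if (ec && ec.parentNode) ec.parentNode.removeChild(ec);`, keeps the mitigation without that failure mode. The framing check itself is the right shape for this mitigation: removing the override UI entirely whenever the error page is not the top-level document means an embedding page has no override control to overlay, regardless of how it sizes or positions the frame. It would help a future reader if the comment also stated that consequence explicitly, e.g. `// When framed, the override UI is removed outright so a parent document cannot overlay it (clickjacking).`. The enclosing function begins before this hunk and continues after it.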