This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Probable security leak in v.10. called "Aurora".

  • 2
  • 1 nwere nsogbu anwere nsogbu a
  • 3 views
  • Nzaghachi ikpeazụ nke genuslupae

more options

See screenshot Then one logged in to Google sites account, and then opens http://genuslupae.co.nr/ which is third-party framed re-director to my own Google site, Aurora mixes http top frame with https child frame with private Google logged user data, at least e-mail address. security.warn_viewing_mixed is set to true. MSIE 8 do not warns me also, but it shows HTTP, not HTTPS, as properly asked by my top frame:

<frameset rows="100%,*" frameborder="NO" border="0" framespacing="0"> <frame name="conr_main_frame" src="http://sites.google.com/site/repertiziani/"> </frameset>

[http://plus.google.com/u/0/photos/116651664550077808951/albums/5684898762064588369/5684898760770226818 See screenshot] Then one logged in to Google sites account, and then opens http://genuslupae.co.nr/ which is third-party framed re-director to my own Google site, Aurora mixes http top frame with https child frame with private Google logged user data, at least e-mail address. security.warn_viewing_mixed is set to true. MSIE 8 do not warns me also, but it shows HTTP, not HTTPS, as properly asked by my top frame: &lt;frameset rows="100%,*" frameborder="NO" border="0" framespacing="0"&gt; &lt;frame name="conr_main_frame" src="http://sites.google.com/site/repertiziani/"&gt; &lt;/frameset&gt;

Edeziri site na genuslupae

Asịsa ahọpụtara

NO WAY!

While one (top frame owner) tries to access they "own" frames collection via javaScript located in the header section or in the event call string, it will be stopped just after window.frames[0]!

[20:29:53.186] Error: Permission denied to access property 'document'

love Aurora

Gụọ azịza a na nghọta 👍 0

All Replies (2)

more options

O.K., You had The Chance, guys.

more options

Asịsa Ahọpụtara

NO WAY!

While one (top frame owner) tries to access they "own" frames collection via javaScript located in the header section or in the event call string, it will be stopped just after window.frames[0]!

[20:29:53.186] Error: Permission denied to access property 'document'

love Aurora