Your message dated Mon, 8 Aug 2011 23:57:15 +0200
with message-id <[email protected]>
and subject line Marking as fixed in the appropriate versions
has caused the Debian Bug report #602886,
regarding iceweasel: Add backported support for X-FRAME-OPTIONS header for
clickjacking mitigation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
602886: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602886
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: iceweasel
Version: 3.5.15-1
Severity: wishlist
Firefox 3.6.9 and above includes support for the X-FRAME-OPTIONS HTTP header
which allows website authors to prevent their site being victim to clickjacking
(UI redressing) attacks.
This is a wishlist item but effectively also has an effect on security for
users with a logged-in session at certain websites. I have no idea if it would
be easy to patch this for Iceweasel 3.5.x or not - upstream 3.6.9 specifically
introduces no new UI or error messages, just shows about:blank when framing is
not authorised.
This page offers a way of testing if your browser supports the feature:
http://www.enhanceie.com/test/clickjack/
Cheers
-- Package-specific info:
-- Extensions information
Name: CheckPlaces
Location: ${PROFILE_EXTENSIONS}/[email protected]
Status: user-disabled
Name: Default
Location: /usr/lib/iceweasel/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}
Package: iceweasel
Status: enabled
Name: DownloadHelper
Location: ${PROFILE_EXTENSIONS}/{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Status: enabled
Name: Firebug
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/[email protected]
Package: xul-ext-firebug
Status: enabled
Name: Firefox Sync
Location: /usr/lib/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{340c2bbc-ce74-4362-90b5-7c26312808ef}
Package: xul-ext-sync
Status: enabled
Name: Force-TLS
Location: ${PROFILE_EXTENSIONS}/[email protected]
Status: enabled
Name: Html Validator
Location: ${PROFILE_EXTENSIONS}/{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
Status: enabled
Name: Personas
Location: ${PROFILE_EXTENSIONS}/[email protected]
Status: enabled
-- Plugins information
Name: DivX® Web Player
Location: /usr/lib/mozilla/plugins/libtotem-mully-plugin.so
Package: totem-mozilla
Status: enabled
Name: Java(TM) Plug-in 1.6.0_22
Location: /usr/lib/jvm/java-6-sun-1.6.0.22/jre/lib/amd64/libnpjp2.so
Package: sun-java6-bin
Status: enabled
Name: QuickTime Plug-in 7.6.6
Location: /usr/lib/mozilla/plugins/libtotem-narrowspace-plugin.so
Package: totem-mozilla
Status: enabled
Name: Shockwave Flash
Location: /usr/lib/flashplugin-nonfree/libflashplayer.so
Status: enabled
Name: VLC Multimedia Plugin (compatible Totem 2.30.2)
Location: /usr/lib/mozilla/plugins/libtotem-cone-plugin.so
Package: totem-mozilla
Status: enabled
Name: Windows Media Player Plug-in 10 (compatible; Totem)
Location: /usr/lib/mozilla/plugins/libtotem-gmp-plugin.so
Package: totem-mozilla
Status: enabled
Name: iTunes Application Detector
Location: /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so
Package: rhythmbox-plugins
Status: enabled
-- Addons package information
ii iceweasel 3.5.15-1 Web browser based on Firefox
ii rhythmbox-plug 0.12.8-2 plugins for rhythmbox music player
ii sun-java6-bin 6.22-1 Sun Java(TM) Runtime Environment (JRE) 6 (ar
ii totem-mozilla 2.30.2-5 Totem Mozilla plugin
ii xul-ext-firebu 1.5.4-1 web development plugin for Iceweasel/Firefox
ii xul-ext-sync 1.4.3-1 extension to sync bookmarks, passwords and o
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages iceweasel depends on:
ii debianutils 3.4 Miscellaneous utilities specific t
ii fontconfig 2.8.0-2.1 generic font configuration library
ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface
ii libnspr4-0d 4.8.6-1 NetScape Portable Runtime Library
ii libstdc++6 4.4.5-4 The GNU Standard C++ Library v3
ii procps 1:3.2.8-9 /proc file system utilities
ii xulrunner-1.9.1 1.9.1.15-1 XUL + XPCOM application runner
iceweasel recommends no packages.
Versions of packages iceweasel suggests:
ii latex-xft-fonts 1.6.7-1 TrueType versions of some TeX font
ii libgssapi-krb5-2 1.8.3+dfsg-2 MIT Kerberos runtime libraries - k
ii libkrb53 1.8.3+dfsg-2 transitional package for MIT Kerbe
pn mozplugger <none> (no description available)
ii ttf-lyx 1.6.7-1 TrueType versions of some TeX font
pn ttf-mathematica4.1 <none> (no description available)
ii xfonts-mathml 4 Type1 Symbol font for MathML
pn xprint <none> (no description available)
Versions of packages xulrunner-1.9.1 depends on:
ii libasound2 1.0.23-2.1 shared library for ALSA applicatio
ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii libbz2-1.0 1.0.5-6 high-quality block-sorting file co
ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib
ii libcairo2 1.8.10-6 The Cairo 2D vector graphics libra
ii libdbus-1-3 1.2.24-3 simple interprocess messaging syst
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.4.2-1 FreeType 2 font engine, shared lib
ii libgcc1 1:4.4.5-4 GCC support library
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface
ii libhunspell-1.2-0 1.2.11-1 spell checker and morphological an
ii libjpeg62 6b1-1 The Independent JPEG Group's JPEG
ii libmozjs2d 1.9.1.15-1 The Mozilla SpiderMonkey JavaScrip
ii libnspr4-0d 4.8.6-1 NetScape Portable Runtime Library
ii libnss3-1d 3.12.8-1 Network Security Service libraries
ii libpango1.0-0 1.28.3-1 Layout and rendering of internatio
ii libpng12-0 1.2.44-1 PNG library - runtime
ii libreadline6 6.1-3 GNU readline and history libraries
ii libsqlite3-0 3.7.3-1 SQLite 3 shared library
ii libstartup-notification 0.10-1 library for program launch feedbac
ii libstdc++6 4.4.5-4 The GNU Standard C++ Library v3
ii libx11-6 2:1.3.3-3 X11 client-side library
ii libxrender1 1:0.9.6-1 X Rendering Extension client libra
ii libxt6 1:1.0.7-1 X11 toolkit intrinsics library
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 3.6.9-1
--- End Message ---
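
The following JavaScript is an added example, not part of the messages above and not Iceweasel or Firefox code. It models the decision the report describes: a browser that honours X-FRAME-OPTIONS renders about:blank instead of the framed page when framing is not authorised. All function names and URLs are hypothetical; as assumptions, only the top-level page's origin is compared and unrecognised header values are ignored.

```javascript
// Added example: model of a browser's X-Frame-Options framing check.
// Names are hypothetical; sample URLs in the demo are constructed.

// Collect every X-Frame-Options token from a list of [name, value] header pairs.
// Header names are case-insensitive; a value may carry several comma-separated tokens.
function frameOptionTokens(headers) {
  return headers
    .filter(([name]) => name.trim().toLowerCase() === 'x-frame-options')
    .flatMap(([, value]) => value.split(','))
    .map((token) => token.trim().toUpperCase())
    .filter((token) => token.length > 0);
}

// Decide whether the framed response may be rendered inside topUrl.
// Assumption: only the top-level page is compared, not every ancestor frame.
function framingDecision(headers, framedUrl, topUrl) {
  const tokens = frameOptionTokens(headers);
  const sameOrigin = new URL(framedUrl).origin === new URL(topUrl).origin;

  for (const token of tokens) {
    if (token === 'DENY') {
      return { allowed: false, reason: 'DENY' };
    }
    if (token === 'SAMEORIGIN' && !sameOrigin) {
      return { allowed: false, reason: 'SAMEORIGIN with cross-origin parent' };
    }
    // Assumption: unrecognised tokens are ignored rather than treated as a block.
  }
  return { allowed: true, reason: tokens.length ? 'policy satisfied' : 'no header' };
}

// What ends up in the frame: the page itself, or about:blank when blocked
// (the behaviour the report attributes to upstream 3.6.9).
function renderedLocation(headers, framedUrl, topUrl) {
  return framingDecision(headers, framedUrl, topUrl).allowed ? framedUrl : 'about:blank';
}

// Constructed demo input: a logged-in page framed by an unrelated site.
const demo = renderedLocation(
  [['X-FRAME-OPTIONS', 'SAMEORIGIN']],
  'https://bank.example/transfer',
  'https://other.example/game'
);
console.log(demo);
```

A response without the header is always rendered, which is why the mitigation depends on both the site sending the header and the browser version enforcing it.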