On 18 September 2014 15:10, Nathan of Guardian <[email protected]> wrote:
> On Thu, Sep 18, 2014, at 03:26 PM, Adam Kruger wrote:
>> On Thu Sep 18 2014 at 15:01:21, Nathan of Guardian wrote:
>>> Orweb only allows one window at a time, and no tabs. I need to
>>> dig deeper into the bug, but my hope was that we aren't
>>> vulnerable because of that.
>>
>> Our understanding is that content in iframes could violate SOP, so even with
>> one browser window/tab at a time there is a problem.
>
> Hmm, so the attack is that a MiTM somehow injects a malicious iframe into a
> site you are visiting... but if they can do that, then can't they already
> see the content you are accessing?
>
> Who is creating the malicious iFrame and with what goal? What am I missing?

The way I'd exploit it is by sending you a link via email/txt/chatsecure when I think/hope you're on your phone with some enticing subject like "Someone just dropped a ChatSecure 0day on ExploitDB". That link would send you to a page with some nonsense text that's really long for you to read through. Meanwhile I stuck a couple of iframes hidden on the page that frame Gmail, Facebook, whatever else is interesting. Anything you're logged in to would allow full page extraction - all your emails, Facebook info, etc etc. Add in some crawling through the HTML and you could extract near-limitless information so long as the victim kept the page open.

-tom
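
A defender-side check for the page shape described in the message above, as an added example that is not part of the original thread: it flags iframes that load another origin and are hidden from view. The function names, the hiding heuristics and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Inline-style patterns that hide a frame (assumed heuristic, not exhaustive).
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(\.0+)?\s*(;|$)"
    r"|(?:width|height)\s*:\s*[01](px)?\s*(;|$)", re.I)

# Constructed sample page; the example.* hosts are placeholders.
SAMPLE = """<html><body><p>long article text ...</p>
<iframe src="https://mail.example.com/inbox" style="display:none"></iframe>
<iframe src="https://social.example.net/me" width="0" height="0"></iframe>
<iframe src="https://video.example.org/embed/1" width="560" height="315"></iframe>
<iframe src="/comments" style="visibility:hidden"></iframe>
</body></html>"""

def origin(url):
    """Return (scheme, host, port) for an absolute URL."""
    p = urlsplit(url)
    port = p.port or {"http": 80, "https": 443}.get(p.scheme)
    return (p.scheme, (p.hostname or "").lower(), port)

class _FrameScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = urljoin(self.page_url, a.get("src", ""))
        if not a.get("src") or origin(src) == origin(self.page_url):
            return  # same-origin or empty frames are out of scope here
        hidden = ("hidden" in a
                  or a.get("width", "").strip() in ("0", "1")
                  or a.get("height", "").strip() in ("0", "1")
                  or bool(HIDING_STYLE.search(a.get("style", ""))))
        if hidden:
            self.findings.append(src)

def hidden_cross_origin_frames(html, page_url):
    """List the src of every hidden iframe that loads a different origin."""
    scanner = _FrameScanner(page_url)
    scanner.feed(html)
    return scanner.findings
```

On the constructed sample, only the two hidden frames pointing at other origins are reported; the visible embed and the same-origin hidden frame are not.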
