Pete Collins wrote:
Looking into this issue for Linspire Internet Suite we maintain, looks like the fix for this exploithttp://secunia.com/multiple_browsers_frame_injection_vulnerability_test/is just a simple pref setting ... pref("browser.frame.validate_origin", true); --pete
Didn't work in Suite 1.7.8 for me either ??? _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security