I think this bug report is invalid. For several years Web browsers have insisted on showing the address bar, or the status bar, or both, in any popup window as a way of distinguishing it from native application windows. Can you provide a demo which avoids this security measure?
If it was possible to fake the gksudo window in this way it would also be possible to fake the PolicyKit dialog, or Seahorse's Change Password dialog, or the password dialogs from Evolution or Thunderbird or Pidgin or any other program that uses passwords, in exactly the same way. So the problem would still need to be fixed in the Web browser. -- [security] update-notifier auto popups maybe spoofed by the webbrowser https://bugs.launchpad.net/bugs/370248 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
