Description
It is possible to craft guest code creating visible content outside
the boundary of the double-DIV sandbox enforced by Caja. For example:
<div style="margin-left:-150px;margin-top:0px;width:110px;">
<div>Phishing content</div>
</div>
This was introduced at r4374 due to the removal of a CSS property
"overflow: hidden" in the caja.js styling of the container DIVs.
This vulnerability allows guest content authors to overlay and mimic
the user interface of surrounding container content, and thus attempt
to phish the end-user into entering into the guest content information
that would normally only be revealed to the container.
See http://code.google.com/p/google-caja/issues/detail?id=1442
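To make the boundary condition concrete, here is an added illustration (not Caja's own code, and not part of the original review): the guest markup from the description placed inside a hypothetical double-DIV container, once without `overflow: hidden` on the container DIVs and once with it, followed by a small script that checks whether any element inside a container paints outside the container's box. The element ids, container sizes and the `guestEscapes` helper are constructed for this example.

```html
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<style>
  /* Weak container (constructed): neither DIV has overflow:hidden, so a
     guest element with negative margins is painted outside the box. */
  #vuln-outer { position: relative; width: 300px; height: 100px; border: 1px solid #999; }
  #vuln-inner { width: 100%; height: 100%; }

  /* Corrected container (constructed): overflow:hidden on both DIVs clips
     anything the guest positions beyond the container's box. */
  #fixed-outer { position: relative; width: 300px; height: 100px; border: 1px solid #999; overflow: hidden; }
  #fixed-inner { width: 100%; height: 100%; overflow: hidden; }
</style>
</head>
<body>
<div id="vuln-outer"><div id="vuln-inner">
  <div style="margin-left:-150px;margin-top:0px;width:110px;">
    <div>Phishing content</div>
  </div>
</div></div>

<div id="fixed-outer"><div id="fixed-inner">
  <div style="margin-left:-150px;margin-top:0px;width:110px;">
    <div>Phishing content</div>
  </div>
</div></div>

<script>
// Hypothetical check, not part of Caja: compute the region of an element
// that is actually painted, by intersecting its layout box with the boxes of
// every ancestor (up to the container) whose overflow is not "visible".
function visibleRect(el, container) {
  var r = el.getBoundingClientRect();
  var rect = { left: r.left, top: r.top, right: r.right, bottom: r.bottom };
  for (var a = el.parentElement; a && container.contains(a); a = a.parentElement) {
    var cs = getComputedStyle(a);
    // Per CSS, a non-visible value on either axis makes both axes clip.
    if (cs.overflowX !== 'visible' || cs.overflowY !== 'visible') {
      var b = a.getBoundingClientRect();
      rect.left   = Math.max(rect.left,   b.left);
      rect.top    = Math.max(rect.top,    b.top);
      rect.right  = Math.min(rect.right,  b.right);
      rect.bottom = Math.min(rect.bottom, b.bottom);
    }
  }
  return rect;
}

// Returns true if any descendant of the container paints outside its box.
function guestEscapes(containerId) {
  var container = document.getElementById(containerId);
  var box = container.getBoundingClientRect();
  var eps = 0.5;  // tolerate sub-pixel rounding in layout
  var nodes = container.querySelectorAll('*');
  for (var i = 0; i < nodes.length; i++) {
    var v = visibleRect(nodes[i], container);
    if (v.right <= v.left || v.bottom <= v.top) continue;  // fully clipped
    if (v.left < box.left - eps || v.top < box.top - eps ||
        v.right > box.right + eps || v.bottom > box.bottom + eps) {
      return true;
    }
  }
  return false;
}

console.log('weak container, guest escapes:', guestEscapes('vuln-outer'));
console.log('corrected container, guest escapes:', guestEscapes('fixed-outer'));
</script>
</body>
</html>
```

Opening this file in a browser and reading the console shows the difference the description refers to: the container without `overflow: hidden` reports an escape because the negative margin pushes the guest DIV 150px to the left of the container's edge, while the corrected container clips that DIV to its own box. The check intersects with ancestor clip boxes rather than comparing raw bounding rectangles, because `getBoundingClientRect` reports the layout box, which is unchanged by clipping.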
Patch Set 1
Patch Set 2 : Fix vulnerability due to overflow of CSS beyond container boundary
Total comments: 6
Patch Set 3 : Fix vulnerability due to overflow of CSS beyond container boundary
Patch Set 4 : Fix vulnerability due to overflow of CSS beyond container boundary
Patch Set 5 : Fix vulnerability due to overflow of CSS beyond container boundary
Patch Set 6 : Fix vulnerability due to overflow of CSS beyond container boundary
Messages
Total messages: 9