On Wed, Dec 11, 2013 at 10:18:09PM +0100, Stefan Schurtz wrote: > it is possible to load > "https://www.facebook.com/login/reauth.php?next=https://www.facebook.com/confirmphone.php&display=popup"; > in another page. [...] > My question: is this really not a security problem on Facebook?
It's say it is a problem, especially given that drag/drop isn't blocked on that page. Did you report this to Facebook yet?
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
