Endpoint Vulnerability

X-Frame-Options ignored when using server push with multi-part responses

Description

Bugzilla developer Fr d ric Buclin reported that the X-Frame-Options header is ignored when server push is used in multi-part responses. This can lead to potential clickjacking on sites that use X-Frame-Options as a protection.

Affected Products

SeaMonkey

References

CVE-2013-1696,