Red Hat Bugzilla – Bug 977613
CVE-2013-1696 Mozilla: X-Frame-Options ignored when using server push with multi-part responses (MFSA 2013-58)
Last modified: 2013-06-26 02:56:04 EDT
Bugzilla developer Frédéric Buclin reported that the X-Frame-Options header is ignored when server push is used in multi-part responses. This can lead to potential clickjacking on sites that use X-Frame-Options as a protection.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Frédéric Buclin as the original reporter.
This issue does not affect the versions of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6.