Hide Forgot
Bugzilla developer Frédéric Buclin reported that the "X-Frame-Options" header is ignored when the value is duplicated, for example "X-Frame-Options: SAMEORIGIN, SAMEORIGIN". This duplication occurs for unknown reasons on some websites and when it occurs results in Mozilla browsers not being protected against possible clickjacking attacks on those pages. Reference: http://www.mozilla.org/security/announce/2012/mfsa2012-51.html Acknowledgements: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developer Frédéric Buclin as the original reporter of this issue.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2012:1089 https://rhn.redhat.com/errata/RHSA-2012-1089.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2012:1088 https://rhn.redhat.com/errata/RHSA-2012-1088.html