This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
Created attachment 165086
Click Jacking bug report poc

Bug Type : ClickJacking
Checked in : Google Chrome
OS : Windows 8.1
Domain="https://netbeans.org/"

Impact :
Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both. Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker.

POC:

<html>
<head>
<title>Clickjack test page</title>
</head>
<body>
<p><center>Website is vulnerable to clickjacking.</center></p>
<iframe src="https://netbeans.org/" width="1247" height="800"></iframe>
</body>
</html>

2. Save it as anyname.html, e.g. test.html
3. And simply just browse that html page

POC is attached

Regards,
Raja Ahtisham,
Web security researcher.
Thanks for the report. We will be soon migrating to Apache infrastructure. Closing as WONTFIX.
Closing.